diff --git a/.github/workflows/maven_build.yml b/.github/workflows/maven_build.yml
index 0c2b41c..08fcb7a 100644
--- a/.github/workflows/maven_build.yml
+++ b/.github/workflows/maven_build.yml
@@ -12,7 +12,7 @@ on:
- bugfix/**
paths:
- .github/**
- - src/**
+ - ../../isy-security/src/**
- pom.xml
workflow_dispatch:
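Review bot: The new filter `../../isy-security/src/**` in the `paths:` list will most likely never match, because GitHub Actions evaluates these globs against paths relative to the repository root and does not resolve `..` segments. A push that touches only the library or test-module sources would then not start this build, so whatever checks the workflow runs would be skipped for exactly the code they are meant to cover. I would replace the entry with `- isy-security/src/**` and `- isy-security-test/src/**`, and widen `- pom.xml` to `- '**/pom.xml'` so the new module POMs trigger the workflow too.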
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 90fbbfd..bd6bfd6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@
- `IFS-4785`: Hinzufügen einer Property für die Restlebensdauer gecachter OAuth2-Token
- `IFS-4810`: Ausbau der Validierung des "aud"-Claims erstellter Tokens
- `IFS-4583`: Wiedereinführung der Quality-Gates
+- `IFS-4579`: Wiederherstellung von isy-security-test
### BREAKING CHANGE
- `IFS-4812`: Verwendung sicherer Hashfunktion mit SHA-512 für Caching
diff --git a/isy-security-doc/pom.xml b/isy-security-doc/pom.xml
new file mode 100644
index 0000000..c2585d9
--- /dev/null
+++ b/isy-security-doc/pom.xml
@@ -0,0 +1,24 @@
+
+
+ 4.0.0
+
+
+ de.bund.bva.isyfact
+ isy-security-parent
+ ${revision}
+
+
+ isy-security-doc
+
+ IsyFact Security Dokumentation
+ Komponente mit der Dokumentation über die Security-Komponente.
+
+
+ 25
+ 25
+ UTF-8
+ dd.MM.yyyy
+
+
\ No newline at end of file
diff --git a/docs/LICENSE b/isy-security-doc/src/LICENSE
similarity index 100%
rename from docs/LICENSE
rename to isy-security-doc/src/LICENSE
diff --git a/docs/antora.yml b/isy-security-doc/src/antora.yml
similarity index 100%
rename from docs/antora.yml
rename to isy-security-doc/src/antora.yml
diff --git a/docs/modules/ROOT/images/konzept/Client-Credential-Flow.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/Client-Credential-Flow.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/Client-Credential-Flow.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/Client-Credential-Flow.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/Resource-Owner-Passwort-Credential-Flow.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/Resource-Owner-Passwort-Credential-Flow.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/Resource-Owner-Passwort-Credential-Flow.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/Resource-Owner-Passwort-Credential-Flow.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungBatch.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungBatch.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungBatch.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungBatch.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungBatch_Details.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungBatch_Details.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungBatch_Details.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungBatch_Details.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungTask.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungTask.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungTask.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungTask.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungTask_Details.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungTask_Details.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungTask_Details.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/Sequenzdiagramm_AbsicherungTask_Details.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/ServiceGateway-Authentifizierung.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/ServiceGateway-Authentifizierung.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/ServiceGateway-Authentifizierung.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/ServiceGateway-Authentifizierung.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/ServiceGateway_plus_AuthGateway.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/ServiceGateway_plus_AuthGateway.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/ServiceGateway_plus_AuthGateway.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/ServiceGateway_plus_AuthGateway.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/Squenzdiagramm_ServiceGateway_ohne_AuthGateway.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/Squenzdiagramm_ServiceGateway_ohne_AuthGateway.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/Squenzdiagramm_ServiceGateway_ohne_AuthGateway.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/Squenzdiagramm_ServiceGateway_ohne_AuthGateway.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/Squenzdiagramm_ServiceGateway_plus_AuthGateway.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/Squenzdiagramm_ServiceGateway_plus_AuthGateway.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/Squenzdiagramm_ServiceGateway_plus_AuthGateway.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/Squenzdiagramm_ServiceGateway_plus_AuthGateway.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/authorization-code-connections.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/authorization-code-connections.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/authorization-code-connections.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/authorization-code-connections.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/authorization-code-flow.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/authorization-code-flow.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/authorization-code-flow.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/authorization-code-flow.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/multi_tenancy_isyfact.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/multi_tenancy_isyfact.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/multi_tenancy_isyfact.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/multi_tenancy_isyfact.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/rollen-beziehungen.png b/isy-security-doc/src/modules/ROOT/images/konzept/rollen-beziehungen.png
similarity index 100%
rename from docs/modules/ROOT/images/konzept/rollen-beziehungen.png
rename to isy-security-doc/src/modules/ROOT/images/konzept/rollen-beziehungen.png
diff --git a/docs/modules/ROOT/images/konzept/rollen-erstellung.png b/isy-security-doc/src/modules/ROOT/images/konzept/rollen-erstellung.png
similarity index 100%
rename from docs/modules/ROOT/images/konzept/rollen-erstellung.png
rename to isy-security-doc/src/modules/ROOT/images/konzept/rollen-erstellung.png
diff --git a/docs/modules/ROOT/images/konzept/security-schnittstellen.dn.png b/isy-security-doc/src/modules/ROOT/images/konzept/security-schnittstellen.dn.png
similarity index 100%
rename from docs/modules/ROOT/images/konzept/security-schnittstellen.dn.png
rename to isy-security-doc/src/modules/ROOT/images/konzept/security-schnittstellen.dn.png
diff --git a/docs/modules/ROOT/images/konzept/security_multi-tenancy_with_multi_iams.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/security_multi-tenancy_with_multi_iams.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/security_multi-tenancy_with_multi_iams.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/security_multi-tenancy_with_multi_iams.dn.svg
diff --git a/docs/modules/ROOT/images/konzept/software-architektur-berechtigungspruefung.png b/isy-security-doc/src/modules/ROOT/images/konzept/software-architektur-berechtigungspruefung.png
similarity index 100%
rename from docs/modules/ROOT/images/konzept/software-architektur-berechtigungspruefung.png
rename to isy-security-doc/src/modules/ROOT/images/konzept/software-architektur-berechtigungspruefung.png
diff --git a/docs/modules/ROOT/images/konzept/unterschiedliche-issuerURIs.dn.svg b/isy-security-doc/src/modules/ROOT/images/konzept/unterschiedliche-issuerURIs.dn.svg
similarity index 100%
rename from docs/modules/ROOT/images/konzept/unterschiedliche-issuerURIs.dn.svg
rename to isy-security-doc/src/modules/ROOT/images/konzept/unterschiedliche-issuerURIs.dn.svg
diff --git a/docs/modules/ROOT/nav.adoc b/isy-security-doc/src/modules/ROOT/nav.adoc
similarity index 100%
rename from docs/modules/ROOT/nav.adoc
rename to isy-security-doc/src/modules/ROOT/nav.adoc
diff --git a/docs/modules/ROOT/pages/konzept.adoc b/isy-security-doc/src/modules/ROOT/pages/konzept.adoc
similarity index 100%
rename from docs/modules/ROOT/pages/konzept.adoc
rename to isy-security-doc/src/modules/ROOT/pages/konzept.adoc
diff --git a/docs/modules/ROOT/pages/nutzungsvorgaben.adoc b/isy-security-doc/src/modules/ROOT/pages/nutzungsvorgaben.adoc
similarity index 100%
rename from docs/modules/ROOT/pages/nutzungsvorgaben.adoc
rename to isy-security-doc/src/modules/ROOT/pages/nutzungsvorgaben.adoc
diff --git a/docs/modules/ROOT/pages/nutzungsvorgaben/anhang.adoc b/isy-security-doc/src/modules/ROOT/pages/nutzungsvorgaben/anhang.adoc
similarity index 100%
rename from docs/modules/ROOT/pages/nutzungsvorgaben/anhang.adoc
rename to isy-security-doc/src/modules/ROOT/pages/nutzungsvorgaben/anhang.adoc
diff --git a/docs/modules/ROOT/partials/library.adoc b/isy-security-doc/src/modules/ROOT/partials/library.adoc
similarity index 100%
rename from docs/modules/ROOT/partials/library.adoc
rename to isy-security-doc/src/modules/ROOT/partials/library.adoc
diff --git a/isy-security-test/CHANGELOG.md b/isy-security-test/CHANGELOG.md
new file mode 100644
index 0000000..10575c8
--- /dev/null
+++ b/isy-security-test/CHANGELOG.md
@@ -0,0 +1,2 @@
+# X.X.X
+- keine
diff --git a/isy-security-test/pom.xml b/isy-security-test/pom.xml
new file mode 100644
index 0000000..ff51084
--- /dev/null
+++ b/isy-security-test/pom.xml
@@ -0,0 +1,98 @@
+
+
+ 4.0.0
+
+
+ de.bund.bva.isyfact
+ isy-security-parent
+ ${revision}
+
+
+ isy-security-test
+ jar
+
+ IsyFact Security Test
+ Stellt Utility-Klassen für das Testen von Authentifizierung und Autorisierung bereit.
+
+
+ 25
+ 25
+ UTF-8
+
+
+
+
+
+ de.bund.bva.isyfact
+ isyfact-products-bom
+ ${project.parent.version}
+ pom
+ import
+
+
+ de.bund.bva.isyfact
+ isyfact-standards-bom
+ ${project.parent.version}
+ pom
+ import
+
+
+
+
+
+ org.springframework.security
+ spring-security-oauth2-jose
+
+
+ org.springframework
+ spring-context
+
+
+ org.springframework
+ spring-boot
+
+
+
+
+ org.springframework.security
+ spring-security-oauth2-client
+
+
+ org.springframework
+ spring-context
+
+
+
+
+ org.junit.jupiter
+ junit-jupiter-api
+ compile
+
+
+ org.assertj
+ assertj-core
+ test
+
+
+ org.wiremock
+ wiremock-standalone
+ ${wiremock.version}
+ compile
+
+
+ com.fasterxml.jackson.core
+ jackson-core
+ test
+
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ test
+
+
+ io.projectreactor.netty
+ reactor-netty
+ test
+
+
+
\ No newline at end of file
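Review bot: The `compile` scope on `junit-jupiter-api` and `wiremock-standalone` makes both transitive for every consumer of `isy-security-test`, and the POM does not say that the artifact itself must be consumed with test scope. The module now ships the OIDC provider mock and `RsaKeyGenerator` from `src/main`, so an application that adds it without `<scope>test</scope>` would carry a WireMock server and a token-issuing mock on its runtime classpath. I would state the constraint in the description or as a comment above the dependencies, for example `<!-- Test utilities only: depend on this artifact with <scope>test</scope> -->`. The element names are not visible in this rendering of the hunk, so the scopes are read from the bare `compile` lines.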
diff --git a/src/test/java/de/bund/bva/isyfact/security/test/RsaKeyGenerator.java b/isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/RsaKeyGenerator.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/test/RsaKeyGenerator.java
rename to isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/RsaKeyGenerator.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderMock.java b/isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderMock.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderMock.java
rename to isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderMock.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderStub.java b/isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderStub.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderStub.java
rename to isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderStub.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/OidcProviderMockBase.java b/isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/oidcprovider/OidcProviderMockBase.java
similarity index 99%
rename from src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/OidcProviderMockBase.java
rename to isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/oidcprovider/OidcProviderMockBase.java
index d65e933..99f276b 100644
--- a/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/OidcProviderMockBase.java
+++ b/isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/oidcprovider/OidcProviderMockBase.java
@@ -156,6 +156,7 @@ private StubMapping setupJwksEndpoint() {
/**
* Set up error responses when no stub for the token endpoint (user or client) were found or the request contains invalid data.
*/
+ @SuppressWarnings("java:S2068")
private Set setupDefaultTokenEndpoints() {
Set stubMappings = new HashSet<>();
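Review bot: The added `@SuppressWarnings("java:S2068")` on `setupDefaultTokenEndpoints()` carries no justification, and it silences the hard-coded-credentials rule for the whole method in a class that now lives under `src/main`. If the finding is triggered by the OAuth2 form parameter name rather than a real secret, which the body outside this hunk would have to confirm, a one-line comment keeps that reasoning next to the suppression: `// S2068 false positive: "password" is the token-request parameter name matched by the stub, not a credential`. Any literal added to this method later will also go unreported, so it is worth keeping the method limited to stub matching.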
diff --git a/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/RemoteOidcProviderMock.java b/isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/oidcprovider/RemoteOidcProviderMock.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/RemoteOidcProviderMock.java
rename to isy-security-test/src/main/java/de/bund/bva/isyfact/security/test/oidcprovider/RemoteOidcProviderMock.java
diff --git a/isy-security-test/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderMockTest.java b/isy-security-test/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderMockTest.java
new file mode 100644
index 0000000..cedc88c
--- /dev/null
+++ b/isy-security-test/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderMockTest.java
@@ -0,0 +1,319 @@
+package de.bund.bva.isyfact.security.test.oidcprovider;
+
+import static de.bund.bva.isyfact.security.test.oidcprovider.EmbeddedOidcProviderStub.BHKNZ_CLAIM_NAME;
+import static de.bund.bva.isyfact.security.test.oidcprovider.OidcProviderMockBase.BHKNZ_HEADER_NAME;
+import static de.bund.bva.isyfact.security.test.oidcprovider.OidcProviderMockBase.JWKS_ENDPOINT;
+import static de.bund.bva.isyfact.security.test.oidcprovider.OidcProviderMockBase.OIDC_CONFIG_ENDPOINT;
+import static de.bund.bva.isyfact.security.test.oidcprovider.OidcProviderMockBase.TOKEN_ENDPOINT;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.text.ParseException;
+import java.util.Collections;
+import java.util.Optional;
+
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
+import org.springframework.web.reactive.function.BodyInserters;
+import org.springframework.web.reactive.function.client.WebClient;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.JWTParser;
+
+import reactor.core.publisher.Mono;
+
+class EmbeddedOidcProviderMockTest {
+
+ public static final ObjectMapper mapper = new ObjectMapper();
+
+ private static final String host = "localhost";
+
+ private static final int port = 9096;
+
+ private static final String issuerPath = "/auth/realms/testrealm";
+
+ @RegisterExtension
+ private static final EmbeddedOidcProviderMock mock = new EmbeddedOidcProviderMock(host, port, issuerPath);
+
+ public static final String CC_ID = "client-client";
+ public static final String CC_SECRET = "cc-secret";
+ public static final String UC_ID = "user-client";
+ public static final String UC_SECRET = "uc-secret";
+ public static final String USER_WITHOUT_BHKNZ = "user-without-bhknz";
+ public static final String USER_WITH_BHKNZ = "user-with-bhknz";
+ public static final String USER_PASSWORD = "test";
+ public static final String USER_BHKNZ = "123456";
+ public static final String USER_OU = "USEROU";
+ public static final String INVALID_BHKNZ = "999999";
+
+ private static WebClient webClient;
+
+ @BeforeAll
+ public static void setupWebClient() {
+ webClient = WebClient.builder().baseUrl("http://" + host + ":" + port + issuerPath).build();
+ mock.setSecondOu(USER_OU);
+ mock.addUser(UC_ID, UC_SECRET, USER_WITHOUT_BHKNZ, USER_PASSWORD, Optional.empty(), Collections.emptySet());
+ mock.addUser(UC_ID, UC_SECRET, USER_WITH_BHKNZ, USER_PASSWORD, Optional.of(USER_BHKNZ), Collections.emptySet());
+ mock.addClient(CC_ID, CC_SECRET, Collections.emptySet());
+ }
+
+ @Test
+ void testOidcConfigEndpoint() {
+ HttpStatusCode status = webClient.get().uri(OIDC_CONFIG_ENDPOINT)
+ .exchangeToMono(response -> Mono.just(response.statusCode())).block();
+
+ assertEquals(HttpStatus.OK, status);
+ }
+
+ @Test
+ void testJwksEndpoint() {
+ HttpStatusCode status = webClient.get().uri(JWKS_ENDPOINT)
+ .exchangeToMono(response -> Mono.just(response.statusCode())).block();
+
+ assertEquals(HttpStatus.OK, status);
+ }
+
+ @Test
+ void testTokenEndpointWithoutBodyFails() {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .exchangeToMono(response -> {
+ assertEquals(HttpStatus.BAD_REQUEST, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ assertThat(body).contains("invalid_request", "Missing grant type");
+ }
+
+ @Test
+ void testTokenEndpointWithOnlyGrantTypeFails() {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()))
+ .exchangeToMono(response -> {
+ assertEquals(HttpStatus.BAD_REQUEST, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ assertThat(body).contains("unsupported_grant_type", "Invalid client-id or secret");
+ }
+
+ @Test
+ void testTokenEndpointWithoutUsernameFails() {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
+ .with(OAuth2ParameterNames.PASSWORD, USER_PASSWORD)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.UNAUTHORIZED, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ assertThat(body).contains("invalid_grant", "Missing username");
+ }
+
+ @Test
+ void testTokenEndpointWithoutPasswordFails() {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
+ .with(OAuth2ParameterNames.USERNAME, USER_WITHOUT_BHKNZ)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.UNAUTHORIZED, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ assertThat(body).contains("invalid_grant", "Missing password");
+ }
+
+ @Test
+ void testUserWithoutBhknzDoesNotHaveBhknzInToken() throws JsonProcessingException, ParseException {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> headers.setBasicAuth(UC_ID, UC_SECRET))
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.PASSWORD.getValue())
+ .with(OAuth2ParameterNames.USERNAME, USER_WITHOUT_BHKNZ)
+ .with(OAuth2ParameterNames.PASSWORD, USER_PASSWORD)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.OK, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ String token = mapper.readTree(body).get("access_token").asText();
+ JWTClaimsSet claims = JWTParser.parse(token).getJWTClaimsSet();
+
+ assertEquals(USER_WITHOUT_BHKNZ, claims.getStringClaim(StandardClaimNames.PREFERRED_USERNAME));
+ assertFalse(claims.getClaims().containsKey(BHKNZ_CLAIM_NAME));
+ }
+
+ @Test
+ void testUserWithoutBhknzAndWithBhknzHeaderDoesNotHaveBhknzInToken() throws JsonProcessingException, ParseException {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> {
+ headers.setBasicAuth(UC_ID, UC_SECRET);
+ headers.add(BHKNZ_HEADER_NAME, String.format("%s:%s", INVALID_BHKNZ, USER_OU));
+ })
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.PASSWORD.getValue())
+ .with(OAuth2ParameterNames.USERNAME, USER_WITHOUT_BHKNZ)
+ .with(OAuth2ParameterNames.PASSWORD, USER_PASSWORD)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.OK, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ String token = mapper.readTree(body).get("access_token").asText();
+ JWTClaimsSet claims = JWTParser.parse(token).getJWTClaimsSet();
+
+ assertEquals(USER_WITHOUT_BHKNZ, claims.getStringClaim(StandardClaimNames.PREFERRED_USERNAME));
+ assertFalse(claims.getClaims().containsKey(BHKNZ_CLAIM_NAME));
+ }
+
+ @Test
+ void testUserWithBhknzAndBhknzHeaderHasBhknzInToken1() throws JsonProcessingException, ParseException {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> {
+ headers.setBasicAuth(UC_ID, UC_SECRET);
+ headers.add(BHKNZ_HEADER_NAME, String.format("%s:%s", USER_BHKNZ, USER_OU)); // bhknz first value
+ })
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.PASSWORD.getValue())
+ .with(OAuth2ParameterNames.USERNAME, USER_WITH_BHKNZ)
+ .with(OAuth2ParameterNames.PASSWORD, USER_PASSWORD)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.OK, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ String token = mapper.readTree(body).get("access_token").asText();
+ JWTClaimsSet claims = JWTParser.parse(token).getJWTClaimsSet();
+
+ assertEquals(USER_WITH_BHKNZ, claims.getStringClaim(StandardClaimNames.PREFERRED_USERNAME));
+ assertEquals(USER_BHKNZ, claims.getStringClaim(BHKNZ_CLAIM_NAME));
+ }
+
+ @Test
+ void testUserWithBhknzAndBhknzHeaderHasBhknzInToken2() throws JsonProcessingException, ParseException {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> {
+ headers.setBasicAuth(UC_ID, UC_SECRET);
+ headers.add(BHKNZ_HEADER_NAME, String.format("%s:%s", USER_OU, USER_BHKNZ)); // OU first value
+ })
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.PASSWORD.getValue())
+ .with(OAuth2ParameterNames.USERNAME, USER_WITH_BHKNZ)
+ .with(OAuth2ParameterNames.PASSWORD, USER_PASSWORD)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.OK, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ String token = mapper.readTree(body).get("access_token").asText();
+ JWTClaimsSet claims = JWTParser.parse(token).getJWTClaimsSet();
+
+ assertEquals(USER_WITH_BHKNZ, claims.getStringClaim(StandardClaimNames.PREFERRED_USERNAME));
+ assertEquals(USER_BHKNZ, claims.getStringClaim(BHKNZ_CLAIM_NAME));
+ }
+
+ @Test
+ void testUserWithBhknzAndWithoutBhknzHeaderIsUnauthorized() {
+ // this test does not reflect how a dedicated OIDC provider might act
+ // but instead tests the behaviour required by the mock to distinguish between users with and without bhknz
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> headers.setBasicAuth(UC_ID, UC_SECRET))
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.PASSWORD.getValue())
+ .with(OAuth2ParameterNames.USERNAME, USER_WITH_BHKNZ)
+ .with(OAuth2ParameterNames.PASSWORD, USER_PASSWORD)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.UNAUTHORIZED, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ assertThat(body).contains("invalid_grant", "Invalid bhknz");
+ }
+
+ @Test
+ void testUserWithBhknzAndWithoutBhknzInHeaderIsUnauthorized() {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> {
+ headers.setBasicAuth(UC_ID, UC_SECRET);
+ headers.add(BHKNZ_HEADER_NAME, String.format("%s:%s", INVALID_BHKNZ, USER_OU));
+ })
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.PASSWORD.getValue())
+ .with(OAuth2ParameterNames.USERNAME, USER_WITH_BHKNZ)
+ .with(OAuth2ParameterNames.PASSWORD, USER_PASSWORD)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.UNAUTHORIZED, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ assertThat(body).contains("invalid_grant", "Invalid bhknz");
+ }
+
+ @Test
+ void testUserWithBhknzAndWithoutOUInHeaderIsUnauthorized() {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> {
+ headers.setBasicAuth(UC_ID, UC_SECRET);
+ headers.add(BHKNZ_HEADER_NAME, String.format("%s:%s", USER_BHKNZ, "wrong"));
+ })
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.PASSWORD.getValue())
+ .with(OAuth2ParameterNames.USERNAME, USER_WITH_BHKNZ)
+ .with(OAuth2ParameterNames.PASSWORD, USER_PASSWORD)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.UNAUTHORIZED, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ assertThat(body).contains("invalid_grant", "Invalid bhknz");
+ }
+
+ @Test
+ void testUserWithInvalidUsernameFails() {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> headers.setBasicAuth(UC_ID, UC_SECRET))
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.PASSWORD.getValue())
+ .with(OAuth2ParameterNames.USERNAME, "invalid")
+ .with(OAuth2ParameterNames.PASSWORD, USER_PASSWORD)
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.UNAUTHORIZED, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ assertThat(body).contains("invalid_grant", "Invalid username");
+ }
+
+ @Test
+ void testUserWithInvalidPasswordFails() {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> headers.setBasicAuth(UC_ID, UC_SECRET))
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.PASSWORD.getValue())
+ .with(OAuth2ParameterNames.USERNAME, USER_WITHOUT_BHKNZ)
+ .with(OAuth2ParameterNames.PASSWORD, "invalid")
+ ).exchangeToMono(response -> {
+ assertEquals(HttpStatus.UNAUTHORIZED, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ assertThat(body).contains("invalid_grant", "Invalid password");
+ }
+
+ @Test
+ void testClientWorks() throws JsonProcessingException, ParseException {
+ String body = webClient.post().uri(TOKEN_ENDPOINT)
+ .headers(headers -> headers.setBasicAuth(CC_ID, CC_SECRET))
+ .body(BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()))
+ .exchangeToMono(response -> {
+ assertEquals(HttpStatus.OK, response.statusCode());
+ return response.bodyToMono(String.class);
+ }).block();
+
+ String token = mapper.readTree(body).get("access_token").asText();
+ JWTClaimsSet claims = JWTParser.parse(token).getJWTClaimsSet();
+
+ assertEquals("service-account-client-client", claims.getStringClaim(StandardClaimNames.PREFERRED_USERNAME));
+ assertFalse(claims.getClaims().containsKey(BHKNZ_CLAIM_NAME));
+ }
+
+}
\ No newline at end of file
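Review bot: None of the token tests check the signature: `JWTParser.parse(token).getJWTClaimsSet()` only decodes the claims, and `testJwksEndpoint` asserts the status code alone. A mock whose published JWKS did not match its signing key would pass this class and fail only later in a consumer's resource-server tests. I would add one test that fetches the key set from `JWKS_ENDPOINT` and verifies an issued token against it, sketched below on the assumption that the mock signs with the RSA key it publishes.

```java
@Test
void testAccessTokenSignatureMatchesPublishedJwks() throws Exception {
    // … unchanged: token request as in testClientWorks, yielding `token` …
    String jwks = webClient.get().uri(JWKS_ENDPOINT)
        .retrieve().bodyToMono(String.class).block();
    RSAKey publishedKey = JWKSet.parse(jwks).getKeys().get(0).toRSAKey();

    assertThat(SignedJWT.parse(token).verify(new RSASSAVerifier(publishedKey))).isTrue();
}
```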
diff --git a/isy-security-test/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderStubTest.java b/isy-security-test/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderStubTest.java
new file mode 100644
index 0000000..a25e6bf
--- /dev/null
+++ b/isy-security-test/src/test/java/de/bund/bva/isyfact/security/test/oidcprovider/EmbeddedOidcProviderStubTest.java
@@ -0,0 +1,146 @@
+package de.bund.bva.isyfact.security.test.oidcprovider;
+
+import static de.bund.bva.isyfact.security.test.oidcprovider.EmbeddedOidcProviderStub.BHKNZ_CLAIM_NAME;
+import static de.bund.bva.isyfact.security.test.oidcprovider.EmbeddedOidcProviderStub.DEFAULT_ROLES_CLAIM_NAME;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.nimbusds.jose.jwk.JWKParameterNames;
+import com.nimbusds.jose.util.Base64URL;
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.JWTParser;
+
+import de.bund.bva.isyfact.security.test.RsaKeyGenerator;
+
+/**
+ * Unit tests for {@link EmbeddedOidcProviderStub}.
+ */
+public class EmbeddedOidcProviderStubTest {
+
+ public static final ObjectMapper mapper = new ObjectMapper();
+
+ private static final int tokenLifespan = 30;
+
+ private final EmbeddedOidcProviderStub oidcProviderStub =
+ new EmbeddedOidcProviderStub("oidc-provider", 9096, "/auth/realms/testrealm", tokenLifespan);
+
+ @Test
+ void testAccessTokenWithBhknz() throws ParseException {
+ UUID userId = UUID.randomUUID();
+ String clientId = "testclient";
+ String audience = "account";
+ String userName = "testuser";
+ String bhknz = "123456";
+ List roles = Arrays.asList("testrole1", "testrole2");
+ Instant preRequestTime = Instant.now().minusSeconds(1); // subtract a second because "iat" does not have millis
+
+ String accessTokenString = oidcProviderStub.getAccessTokenString(userId, clientId, userName, Optional.of(bhknz),
+ new HashSet<>(roles));
+ JWT token = JWTParser.parse(accessTokenString);
+ JWTClaimsSet claims = token.getJWTClaimsSet();
+
+ assertEquals("http://oidc-provider:9096/auth/realms/testrealm", claims.getIssuer());
+ assertEquals(userId.toString(), claims.getSubject());
+ assertThat(claims.getAudience()).containsOnly(audience);
+ assertEquals(userName, claims.getStringClaim(StandardClaimNames.PREFERRED_USERNAME));
+ assertThat(claims.getStringArrayClaim(DEFAULT_ROLES_CLAIM_NAME)).containsOnly("testrole1", "testrole2");
+ assertEquals(bhknz, claims.getStringClaim(BHKNZ_CLAIM_NAME));
+
+ Instant issueTime = claims.getIssueTime().toInstant();
+ assertTrue(issueTime.isAfter(preRequestTime));
+ assertTrue(issueTime.isBefore(Instant.now()));
+ Instant expirationTime = claims.getExpirationTime().toInstant();
+ assertEquals(expirationTime, issueTime.plusSeconds(tokenLifespan));
+ }
+
+ @Test
+ void testAccessTokenWithoutBhknz() throws ParseException {
+ UUID userId = UUID.randomUUID();
+ String clientId = "testclient";
+ String audience = "account";
+ String userName = "testuser";
+ List roles = Arrays.asList("testrole1", "testrole2");
+
+ String accessTokenString = oidcProviderStub.getAccessTokenString(userId, clientId, userName, Optional.empty(),
+ new HashSet<>(roles));
+ JWT token = JWTParser.parse(accessTokenString);
+ JWTClaimsSet claims = token.getJWTClaimsSet();
+
+ assertEquals("http://oidc-provider:9096/auth/realms/testrealm", claims.getIssuer());
+ assertEquals(userId.toString(), claims.getSubject());
+ assertThat(claims.getAudience()).containsOnly(audience);
+ assertEquals(userName, claims.getStringClaim(StandardClaimNames.PREFERRED_USERNAME));
+ assertThat(claims.getStringArrayClaim(DEFAULT_ROLES_CLAIM_NAME)).containsOnly("testrole1", "testrole2");
+ assertFalse(claims.getClaims().containsKey(BHKNZ_CLAIM_NAME));
+ }
+
+ @Test
+ void testAccessTokenResponse() throws JsonProcessingException, ParseException {
+ String clientId = "testclient";
+ String userName = "testuser";
+ String bhknz = "123456";
+ List roles = Arrays.asList("testrole1", "testrole2");
+
+ String accessTokenResponse = oidcProviderStub.getAccessTokenResponse(clientId, userName, Optional.of(bhknz), new HashSet<>(roles));
+
+ JsonNode tree = mapper.readTree(accessTokenResponse);
+
+ // test if valid JWT, content is validated in different tests
+ assertNotNull(JWTParser.parse(tree.get("access_token").asText()));
+ assertEquals("Bearer", tree.get("token_type").asText());
+
+ long expiresEpochSecond = tree.get("expires_in").asLong();
+ Instant expiresAt = Instant.ofEpochSecond(expiresEpochSecond);
+ Instant now = Instant.now();
+
+ assertTrue(expiresAt.isAfter(now));
+ assertTrue(expiresAt.isBefore(now.plusSeconds(tokenLifespan).plusSeconds(60)));
+ }
+
+ @Test
+ void testOIDCConfigResponse() throws JsonProcessingException {
+ String configResponse = oidcProviderStub.getOIDCConfigResponse("/certs", "/auth", "/token");
+
+ JsonNode tree = mapper.readTree(configResponse);
+
+ assertEquals("http://oidc-provider:9096/auth/realms/testrealm", tree.get("issuer").asText());
+ assertEquals("http://oidc-provider:9096/auth/realms/testrealm/certs", tree.get("jwks_uri").asText());
+ assertEquals("http://oidc-provider:9096/auth/realms/testrealm/auth", tree.get("authorization_endpoint").asText());
+ assertEquals("http://oidc-provider:9096/auth/realms/testrealm/token", tree.get("token_endpoint").asText());
+ }
+
+ @Test
+ void testJwkResponse() throws JsonProcessingException {
+ RSAPublicKey expectedPublicKey = (RSAPublicKey) RsaKeyGenerator.decodePublicKey(oidcProviderStub.getPublicKey());
+
+ String jwkResponse = oidcProviderStub.getJwksResponse();
+
+ JsonNode tree = mapper.readTree(jwkResponse);
+ JsonNode key = tree.get("keys").get(0);
+
+ assertFalse(key.get(JWKParameterNames.KEY_ID).asText().isEmpty());
+ assertEquals("RSA", key.get(JWKParameterNames.KEY_TYPE).asText());
+ assertEquals("RS256", key.get(JWKParameterNames.ALGORITHM).asText());
+ assertEquals("sig", key.get(JWKParameterNames.PUBLIC_KEY_USE).asText());
+ assertEquals(Base64URL.encode(expectedPublicKey.getModulus()).toString(), key.get(JWKParameterNames.RSA_MODULUS).asText());
+ assertEquals(Base64URL.encode(expectedPublicKey.getPublicExponent()).toString(), key.get(JWKParameterNames.RSA_EXPONENT).asText());
+ }
+
+}
\ No newline at end of file
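Review bot: `testAccessTokenResponse` reads `expires_in` through `Instant.ofEpochSecond(...)` and asserts the result lies after `Instant.now()`, which only passes if the stub returns an absolute timestamp. RFC 6749 defines `expires_in` as the token lifetime in seconds, so a client that computes expiry as now plus `expires_in` would treat mock tokens as valid for decades, and its expiry or cache-refresh path would never be exercised against this mock. If the stub is meant to follow the RFC, the assertion would become `assertEquals(tokenLifespan, tree.get("expires_in").asLong());`, together with the matching change in `EmbeddedOidcProviderStub`, which is not part of this hunk.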
diff --git a/isy-security/pom.xml b/isy-security/pom.xml
new file mode 100644
index 0000000..1af31f6
--- /dev/null
+++ b/isy-security/pom.xml
@@ -0,0 +1,201 @@
+
+
+ 4.0.0
+
+ de.bund.bva.isyfact
+ isy-security-parent
+ ${revision}
+
+
+ isy-security
+ jar
+
+ IsyFact Security
+ Komponente für die Autorisierung von Benutzern in IsyFact-Anwendungen.
+
+
+ 25
+ 25
+ UTF-8
+
+
+
+
+
+ de.bund.bva.isyfact
+ isyfact-products-bom
+ ${project.parent.version}
+ pom
+ import
+
+
+ de.bund.bva.isyfact
+ isyfact-standards-bom
+ ${project.parent.version}
+ pom
+ import
+
+
+
+
+
+ de.bund.bva.isyfact
+ isy-logging
+
+
+ org.springframework
+ spring-web
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-autoconfigure
+
+
+ org.springframework.security
+ spring-security-config
+
+
+ org.springframework.security
+ spring-security-oauth2-jose
+
+
+ org.springframework
+ spring-web
+
+
+ org.springframework.security
+ spring-security-oauth2-core
+
+
+
+
+ org.springframework.security
+ spring-security-oauth2-resource-server
+
+
+ org.springframework
+ spring-web
+
+
+ org.springframework.security
+ spring-security-oauth2-core
+
+
+
+
+ org.springframework.security
+ spring-security-oauth2-core
+ 6.5.3
+
+
+ org.springframework
+ spring-web
+
+
+
+
+ org.springframework.security
+ spring-security-oauth2-client
+
+ true
+
+
+
+ com.fasterxml.jackson.dataformat
+ jackson-dataformat-xml
+
+
+
+ org.springframework.boot
+ spring-boot-configuration-processor
+ true
+
+
+ org.springframework.boot
+ spring-boot-autoconfigure-processor
+ true
+
+
+
+ org.ehcache
+ ehcache
+
+
+
+ de.bund.bva.isyfact
+ isy-security-test
+ test
+
+
+ org.springframework
+ spring-context
+
+
+
+
+ org.springframework
+ spring-test
+ 6.2.10
+
+
+ org.springframework
+ spring-web
+ 6.2.10
+
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ 3.5.5
+ test
+
+
+ org.springframework
+ spring-test
+
+
+
+
+ org.springframework.security
+ spring-security-test
+ test
+
+
+ org.springframework
+ spring-webflux
+ test
+
+
+
+ org.springframework
+ spring-webmvc
+ test
+
+
+ org.springframework.boot
+ spring-boot-starter-tomcat
+ test
+
+
+
+ org.hibernate.validator
+ hibernate-validator
+ test
+
+
+ org.jboss.logging
+ jboss-logging-annotations
+
+
+ org.jboss.logging
+ jboss-logging-processor
+
+
+
+
+
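Review bot: Four dependencies in this new pom carry literal versions (`spring-security-oauth2-core` at `6.5.3`, `spring-test` and `spring-web` at `6.2.10`, `spring-boot-starter-test` at `3.5.5`) although the module imports `isyfact-products-bom` and `isyfact-standards-bom`. A literal version takes precedence over the imported BOM, so a later BOM upgrade that carries a Spring Security fix will not reach these artifacts. `spring-security-oauth2-core` is also excluded from `spring-security-oauth2-jose` and `spring-security-oauth2-resource-server` and re-added at the pinned version, which can leave the token-handling modules running against a core version they were not released with. I would drop the `<version>` elements and let the BOM manage them, or move a needed override to a property in the parent with a comment naming the reason. The XML markup is stripped in this view, but the `spring-test` entry at `6.2.10` appears to have no `test` scope line, unlike the test dependencies around it; if so it lands on consumers' compile classpath and should get `<scope>test</scope>`.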
diff --git a/src/main/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2AuthenticationToken.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2AuthenticationToken.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2AuthenticationToken.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2AuthenticationToken.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2Token.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2Token.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2Token.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2Token.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/authentication/RolePrivilegeGrantedAuthoritiesConverter.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/authentication/RolePrivilegeGrantedAuthoritiesConverter.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/authentication/RolePrivilegeGrantedAuthoritiesConverter.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/authentication/RolePrivilegeGrantedAuthoritiesConverter.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/autoconfigure/IsyOAuth2ClientAutoConfiguration.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/autoconfigure/IsyOAuth2ClientAutoConfiguration.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/autoconfigure/IsyOAuth2ClientAutoConfiguration.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/autoconfigure/IsyOAuth2ClientAutoConfiguration.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/autoconfigure/IsySecurityAutoConfiguration.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/autoconfigure/IsySecurityAutoConfiguration.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/autoconfigure/IsySecurityAutoConfiguration.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/autoconfigure/IsySecurityAutoConfiguration.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/condition/TenantsNotEmptyCondition.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/condition/TenantsNotEmptyCondition.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/condition/TenantsNotEmptyCondition.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/condition/TenantsNotEmptyCondition.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/config/AdditionalCredentials.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/config/AdditionalCredentials.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/config/AdditionalCredentials.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/config/AdditionalCredentials.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/config/IsyOAuth2ClientConfigurationProperties.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/config/IsyOAuth2ClientConfigurationProperties.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/config/IsyOAuth2ClientConfigurationProperties.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/config/IsyOAuth2ClientConfigurationProperties.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/config/IsySecurityConfigurationProperties.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/config/IsySecurityConfigurationProperties.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/config/IsySecurityConfigurationProperties.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/config/IsySecurityConfigurationProperties.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/config/JWTConfigurationProperties.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/config/JWTConfigurationProperties.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/config/JWTConfigurationProperties.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/config/JWTConfigurationProperties.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/core/Berechtigungsmanager.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/core/Berechtigungsmanager.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/core/Berechtigungsmanager.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/core/Berechtigungsmanager.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/core/IsyOAuth2Berechtigungsmanager.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/core/IsyOAuth2Berechtigungsmanager.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/core/IsyOAuth2Berechtigungsmanager.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/core/IsyOAuth2Berechtigungsmanager.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/core/IsyOAuth2Security.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/core/IsyOAuth2Security.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/core/IsyOAuth2Security.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/core/IsyOAuth2Security.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/core/Security.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/core/Security.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/core/Security.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/core/Security.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/core/TenantJwsKeySelector.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/core/TenantJwsKeySelector.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/core/TenantJwsKeySelector.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/core/TenantJwsKeySelector.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/core/TenantJwtIssuerValidator.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/core/TenantJwtIssuerValidator.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/core/TenantJwtIssuerValidator.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/core/TenantJwtIssuerValidator.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/core/package-info.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/core/package-info.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/core/package-info.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/core/package-info.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/Authentifizierungsmanager.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/Authentifizierungsmanager.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/Authentifizierungsmanager.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/Authentifizierungsmanager.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/IsyOAuth2Authentifizierungsmanager.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/IsyOAuth2Authentifizierungsmanager.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/IsyOAuth2Authentifizierungsmanager.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/IsyOAuth2Authentifizierungsmanager.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/annotation/Authenticate.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/annotation/Authenticate.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/annotation/Authenticate.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/annotation/Authenticate.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/annotation/AuthenticateInterceptor.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/annotation/AuthenticateInterceptor.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/annotation/AuthenticateInterceptor.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/annotation/AuthenticateInterceptor.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsAuthorizedClientAuthenticationProvider.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsAuthorizedClientAuthenticationProvider.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsAuthorizedClientAuthenticationProvider.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsAuthorizedClientAuthenticationProvider.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsClientRegistrationAuthenticationProvider.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsClientRegistrationAuthenticationProvider.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsClientRegistrationAuthenticationProvider.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsClientRegistrationAuthenticationProvider.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactory.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactory.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactory.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactory.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyOAuth2AuthenticationProvider.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyOAuth2AuthenticationProvider.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyOAuth2AuthenticationProvider.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyOAuth2AuthenticationProvider.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/PasswordClientRegistrationAuthenticationProvider.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/PasswordClientRegistrationAuthenticationProvider.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/PasswordClientRegistrationAuthenticationProvider.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/PasswordClientRegistrationAuthenticationProvider.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/AbstractClientRegistrationAuthenticationToken.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/AbstractClientRegistrationAuthenticationToken.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/AbstractClientRegistrationAuthenticationToken.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/AbstractClientRegistrationAuthenticationToken.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/AbstractIsyAuthenticationToken.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/AbstractIsyAuthenticationToken.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/AbstractIsyAuthenticationToken.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/AbstractIsyAuthenticationToken.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/ClientCredentialsClientRegistrationAuthenticationToken.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/ClientCredentialsClientRegistrationAuthenticationToken.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/ClientCredentialsClientRegistrationAuthenticationToken.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/ClientCredentialsClientRegistrationAuthenticationToken.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/ClientCredentialsRegistrationIdAuthenticationToken.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/ClientCredentialsRegistrationIdAuthenticationToken.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/ClientCredentialsRegistrationIdAuthenticationToken.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/ClientCredentialsRegistrationIdAuthenticationToken.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/PasswordClientRegistrationAuthenticationToken.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/PasswordClientRegistrationAuthenticationToken.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/PasswordClientRegistrationAuthenticationToken.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/token/PasswordClientRegistrationAuthenticationToken.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/util/BhknzHeaderConverterBuilder.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/util/BhknzHeaderConverterBuilder.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/util/BhknzHeaderConverterBuilder.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/client/authentication/util/BhknzHeaderConverterBuilder.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenClaimNames.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenClaimNames.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenClaimNames.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenClaimNames.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenUtil.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenUtil.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenUtil.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenUtil.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/package-info.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/package-info.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/package-info.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/package-info.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/xmlparser/Privilege.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/Privilege.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/xmlparser/Privilege.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/Privilege.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/xmlparser/PrivilegeContainer.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/PrivilegeContainer.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/xmlparser/PrivilegeContainer.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/PrivilegeContainer.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/xmlparser/Role.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/Role.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/xmlparser/Role.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/Role.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivileges.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivileges.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivileges.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivileges.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivilegesMapper.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivilegesMapper.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivilegesMapper.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivilegesMapper.java
diff --git a/src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivilegesMappingException.java b/isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivilegesMappingException.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivilegesMappingException.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/security/xmlparser/RolePrivilegesMappingException.java
diff --git a/src/main/java/de/bund/bva/isyfact/util/logging/LoggingKonstanten.java b/isy-security/src/main/java/de/bund/bva/isyfact/util/logging/LoggingKonstanten.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/util/logging/LoggingKonstanten.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/util/logging/LoggingKonstanten.java
diff --git a/src/main/java/de/bund/bva/isyfact/util/logging/MdcHelper.java b/isy-security/src/main/java/de/bund/bva/isyfact/util/logging/MdcHelper.java
similarity index 100%
rename from src/main/java/de/bund/bva/isyfact/util/logging/MdcHelper.java
rename to isy-security/src/main/java/de/bund/bva/isyfact/util/logging/MdcHelper.java
diff --git a/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/isy-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
similarity index 100%
rename from src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
rename to isy-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
diff --git a/src/main/resources/config/isy-security-token.properties b/isy-security/src/main/resources/config/isy-security-token.properties
similarity index 100%
rename from src/main/resources/config/isy-security-token.properties
rename to isy-security/src/main/resources/config/isy-security-token.properties
diff --git a/src/test/java/de/bund/bva/isyfact/security/AbstractOidcProviderTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/AbstractOidcProviderTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/AbstractOidcProviderTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/AbstractOidcProviderTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/BerechtigungsmanagerTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/BerechtigungsmanagerTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/BerechtigungsmanagerTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/BerechtigungsmanagerTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/IsySecurityTestConfiguration.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/IsySecurityTestConfiguration.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/IsySecurityTestConfiguration.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/IsySecurityTestConfiguration.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/authentication/AuthorityPrefixTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/AuthorityPrefixTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/authentication/AuthorityPrefixTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/AuthorityPrefixTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2TokenTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2TokenTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2TokenTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/ClaimsOnlyOAuth2TokenTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/authentication/ResourceServerJwtTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/ResourceServerJwtTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/authentication/ResourceServerJwtTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/ResourceServerJwtTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/authentication/ResourceServerMultiTenancyTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/ResourceServerMultiTenancyTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/authentication/ResourceServerMultiTenancyTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/ResourceServerMultiTenancyTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/authentication/RolePrivilegesMapperTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/RolePrivilegesMapperTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/authentication/RolePrivilegesMapperTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/RolePrivilegesMapperTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/authentication/TokenPropagationTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/TokenPropagationTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/authentication/TokenPropagationTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/authentication/TokenPropagationTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/autoconfigure/IsySecurityAutoConfigurationTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/autoconfigure/IsySecurityAutoConfigurationTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/autoconfigure/IsySecurityAutoConfigurationTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/autoconfigure/IsySecurityAutoConfigurationTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/config/AdditionalCredentialsTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/config/AdditionalCredentialsTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/config/AdditionalCredentialsTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/config/AdditionalCredentialsTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/core/SecurityWithClientRegistrationsTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/core/SecurityWithClientRegistrationsTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/core/SecurityWithClientRegistrationsTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/core/SecurityWithClientRegistrationsTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/core/SecurityWithoutOAuth2AutoConfigTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/core/SecurityWithoutOAuth2AutoConfigTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/core/SecurityWithoutOAuth2AutoConfigTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/core/SecurityWithoutOAuth2AutoConfigTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/example/config/OAuth2WebClientConfiguration.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/example/config/OAuth2WebClientConfiguration.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/example/config/OAuth2WebClientConfiguration.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/example/config/OAuth2WebClientConfiguration.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/example/config/SecurityConfig.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/example/config/SecurityConfig.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/example/config/SecurityConfig.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/example/config/SecurityConfig.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/example/rest/ExampleRestController.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/example/rest/ExampleRestController.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/example/rest/ExampleRestController.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/example/rest/ExampleRestController.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/example/service/ExampleMethodAuthentication.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/example/service/ExampleMethodAuthentication.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/example/service/ExampleMethodAuthentication.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/example/service/ExampleMethodAuthentication.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithDisabledCacheTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithDisabledCacheTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithDisabledCacheTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithDisabledCacheTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithLimitedCacheTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithLimitedCacheTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithLimitedCacheTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithLimitedCacheTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithoutClientsConfiguredTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithoutClientsConfiguredTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithoutClientsConfiguredTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/AuthentifizierungsmanagerWithoutClientsConfiguredTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/ClientCredentialsExchangeFilterFunctionAuthenticationTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/ClientCredentialsExchangeFilterFunctionAuthenticationTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/ClientCredentialsExchangeFilterFunctionAuthenticationTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/ClientCredentialsExchangeFilterFunctionAuthenticationTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/annotation/CustomAuthenticateInterceptorTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/annotation/CustomAuthenticateInterceptorTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/annotation/CustomAuthenticateInterceptorTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/annotation/CustomAuthenticateInterceptorTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/annotation/MethodAuthenticationTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/annotation/MethodAuthenticationTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/annotation/MethodAuthenticationTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/annotation/MethodAuthenticationTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsAuthorizedClientAuthenticationProviderTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsAuthorizedClientAuthenticationProviderTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsAuthorizedClientAuthenticationProviderTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsAuthorizedClientAuthenticationProviderTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsClientRegistrationAuthenticationProviderTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsClientRegistrationAuthenticationProviderTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsClientRegistrationAuthenticationProviderTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/ClientCredentialsClientRegistrationAuthenticationProviderTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactoryTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactoryTest.java
similarity index 98%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactoryTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactoryTest.java
index a63f27b..60de850 100644
--- a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactoryTest.java
+++ b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/IsyAccessTokenDecoderFactoryTest.java
@@ -9,6 +9,7 @@
import java.util.Optional;
import java.util.Set;
+import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.api.extension.RegisterExtension;
@@ -27,6 +28,7 @@ public class IsyAccessTokenDecoderFactoryTest {
@RegisterExtension
static EmbeddedOidcProviderMock oidcProvider = new EmbeddedOidcProviderMock("localhost", 8080, "/auth/realms/test");
+ @Disabled
@Test
void shouldAcceptTokenWithAccountAudience() {
oidcProvider.addClient("clientId", "secret", Set.of("Rolle_A"));
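Review bot: The `@Disabled` added above `shouldAcceptTokenWithAccountAudience` carries no reason, so a test of audience handling in the access-token decoder is skipped silently and nothing records when it should be re-enabled. Give the annotation a reason tied to a tracking item, for example `@Disabled("TODO(<ticket-id>): <why this test cannot run after the module move>")`, or fix the cause in this commit. The rename is reported at 98% similarity, so this annotation and its import appear to be the only content change to the file, which makes an unexplained skip easy to miss in a commit that is otherwise file moves. The body of the test method continues outside the hunk.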
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/PasswordClientRegistrationAuthenticationProviderTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/PasswordClientRegistrationAuthenticationProviderTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/PasswordClientRegistrationAuthenticationProviderTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/client/authentication/PasswordClientRegistrationAuthenticationProviderTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenUtilTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenUtilTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenUtilTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/security/oauth2/util/IsySecurityTokenUtilTest.java
diff --git a/src/test/java/de/bund/bva/isyfact/util/logging/MdcHelperTest.java b/isy-security/src/test/java/de/bund/bva/isyfact/util/logging/MdcHelperTest.java
similarity index 100%
rename from src/test/java/de/bund/bva/isyfact/util/logging/MdcHelperTest.java
rename to isy-security/src/test/java/de/bund/bva/isyfact/util/logging/MdcHelperTest.java
diff --git a/src/test/resources/application-multi-tenancy.yaml b/isy-security/src/test/resources/application-multi-tenancy.yaml
similarity index 100%
rename from src/test/resources/application-multi-tenancy.yaml
rename to isy-security/src/test/resources/application-multi-tenancy.yaml
diff --git a/src/test/resources/application-resource-server.yaml b/isy-security/src/test/resources/application-resource-server.yaml
similarity index 100%
rename from src/test/resources/application-resource-server.yaml
rename to isy-security/src/test/resources/application-resource-server.yaml
diff --git a/src/test/resources/application-test-clients.yaml b/isy-security/src/test/resources/application-test-clients.yaml
similarity index 100%
rename from src/test/resources/application-test-clients.yaml
rename to isy-security/src/test/resources/application-test-clients.yaml
diff --git a/src/test/resources/application.yaml b/isy-security/src/test/resources/application.yaml
similarity index 100%
rename from src/test/resources/application.yaml
rename to isy-security/src/test/resources/application.yaml
diff --git a/src/test/resources/resources/sicherheit/rollenrechte-no-application-id.xml b/isy-security/src/test/resources/resources/sicherheit/rollenrechte-no-application-id.xml
similarity index 100%
rename from src/test/resources/resources/sicherheit/rollenrechte-no-application-id.xml
rename to isy-security/src/test/resources/resources/sicherheit/rollenrechte-no-application-id.xml
diff --git a/src/test/resources/resources/sicherheit/rollenrechte.xml b/isy-security/src/test/resources/resources/sicherheit/rollenrechte.xml
similarity index 100%
rename from src/test/resources/resources/sicherheit/rollenrechte.xml
rename to isy-security/src/test/resources/resources/sicherheit/rollenrechte.xml
diff --git a/pom.xml b/pom.xml
index cbe8148..a586a86 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,11 +3,11 @@
4.0.0
de.bund.bva.isyfact
- isy-security
+ isy-security-parent
${revision}
- jar
+ pom
- IsyFact-Security
+ IsyFact Security
Komponente für die Autorisierung von Benutzern in IsyFact-Anwendungen.
http://isyfact.de
@@ -25,6 +25,11 @@
https://www.bva.bund.de
+
+ isy-security-test
+ isy-security
+ isy-security-doc
+
scm:git:git://github.com/IsyFact/isy-security.git
@@ -144,39 +149,17 @@
spring-beans
-
- org.springframework.boot
- spring-boot-autoconfigure
-
-
-
- org.springframework.security
- spring-security-config
-
-
org.springframework.security
spring-security-oauth2-jose
-
-
-
- org.springframework.security
- spring-security-oauth2-resource-server
-
-
- org.springframework.security
- spring-security-oauth2-client
- true
-
-
-
-
- org.ehcache
- ehcache
- org.glassfish.jaxb
- jaxb-runtime
+ org.springframework.security
+ spring-security-oauth2-core
+
+
+ org.springframework
+ spring-web
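Review bot: With the packaging switched from `jar` to `pom` and three modules declared, anything left in a plain `<dependencies>` section of this root POM is inherited by `isy-security-test`, `isy-security` and `isy-security-doc` alike. The XML tags are not visible in this rendering, so it cannot be confirmed whether the `spring-security-oauth2-core` and `spring-web` entries added here sit under `<dependencies>` or `<dependencyManagement>`. If it is the former, the documentation module would get Spring Security and Spring Web on its classpath without using them. Consider keeping only version management in the parent and declaring these two artifacts in the module that needs them, so each module's dependency set stays minimal and easier to audit.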
@@ -187,12 +170,6 @@
test
-
- com.fasterxml.jackson.dataformat
- jackson-dataformat-xml
- compile
-
-
org.assertj
assertj-core
@@ -206,18 +183,6 @@
compile
-
- org.springframework.boot
- spring-boot-configuration-processor
- true
-
-
-
- org.springframework.boot
- spring-boot-autoconfigure-processor
- true
-
-
org.springframework
spring-web
@@ -227,12 +192,12 @@
org.springframework.boot
spring-boot-test
test
-
-
-
- org.springframework.boot
- spring-boot-starter-test
- test
+
+
+ org.springframework
+ spring-test
+
+
@@ -241,46 +206,17 @@
test
-
- org.springframework
- spring-webmvc
- test
-
-
org.springframework.boot
spring-boot-starter-tomcat
test
-
- org.springframework.security
- spring-security-test
- test
-
-
net.bytebuddy
byte-buddy
test
-
-
- org.hibernate.validator
- hibernate-validator
- test
-
-
- org.jboss.logging
- jboss-logging-annotations
-
-
- org.jboss.logging
- jboss-logging-processor
-
-
-
-