GW SI Security Phase 1 - Coggle Diagram
GW SI Security
  Phase 1
    1 Create a POC with secured services
      Option 3 implemented for UI :check:
      Read up on Spring Boot + OAuth
      Implement method-level RBAC via JWT and WebSecConfigurer using Keycloak
      create POC methods
        checkBasic
        checkFree
        checkDev
        checkDev2
        checkAnon
        getToken
      Test out using Postman
    2b POC API GW - Okta integration to validate access tokens
      implement API GW - Keycloak integration to validate tokens
      implement API GW - Okta integration to validate access tokens
      Reconfirm our resource server does not need to talk with KC/Okta
      validate how Keycloak is configured for a persistent DB
      make a gateway setup for POC microservices; test it
      push two POC services to RHOS
      create Dockerfile and build images
    4 Enable basic KC security for SI PRV; test secure calls from mock MES modules
      make liveness and actuator endpoints with no token nor role checks in SI PRV
      Add security to provider with permitAll for all methods
      Set up private client applications and credentials in KC with the right roles
      test secure calls from mock MES modules to SI Provider
    3 Create mock MES modules; call SI services (no security)
      create Mock PRV module in Spring Boot
      Make Mock PRV module call endpoints in SI PRV module - with security
      Create Mock MEM module like PRV
      test calls to MEM mock to ResourceServer as well
      create new endpoints that trigger ResourceServer endpoints INQ, CRE/UPD
      add new roles for Member in Keycloak
      call ResourceServer endpoints (no security) - login endpoint
    5 Implement Okta RBAC security in SI Provider with API GW
      Consolidate CORS to one place in API GW; remove from services (can't call them directly after this)
      implement SI PRV RBAC without internal role mapping
        Note: create as a second PRV instance; leave the old PRV as is
      set up 3scale Okta integration based on POC
      test it out via API GW using Postman
      make a gateway setup for PRV microservices; test it
    6 Set up client applications in API GW and endpoint aggregation by app id
      Set up all client applications in 3scale
      Set up SI module endpoint aggregations in 3scale
      set up correct roles and permissions in 3scale for all client applications
      set up private client applications in Okta
        :warning: we will need help from the security team / our own access
    7 Implement Okta 3scale RBAC security in all SI modules
      Implement RBAC in SI Member with specific roles
      implement code from POC for role mapping from file / config table
      Implement RBAC in SI Config with specific roles
      Implement RBAC in SI Provider with specific roles
      test everything
    8 Create a plan and test +ve and -ve test cases for UI app and MES modules
    9 Documentation of the security setup
    2a Implement internal/external roles mapping
      implement PRV external roles in Keycloak :check:
      create a converter from external roles to internal roles :check:
      Create client file that maps SI internal roles to what is in the auth server :check:
      Define a full set of SI internal and external roles :check:
      create users with roles similar to AD :check:
      test users + roles calling POC resource server directly :check:
      create security configuration without WebSecurityConfigurerAdapter :check: