Compare commits
8 Commits
65d1e6a440
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
45ae712c0f | ||
|
|
788cc04a0b | ||
|
|
659c059c18 | ||
|
|
72da33ab5a | ||
|
|
15ec24a47c | ||
|
|
ffc420d819 | ||
|
|
0bb0198f53 | ||
|
|
e05eae08fe |
133
.gitignore
vendored
Normal file
133
.gitignore
vendored
Normal file
@@ -0,0 +1,133 @@
|
||||
# ============================================================================
|
||||
# Lions User Manager - Server Implementation Quarkus - .gitignore
|
||||
# ============================================================================
|
||||
|
||||
# Maven
|
||||
target/
|
||||
pom.xml.tag
|
||||
pom.xml.releaseBackup
|
||||
pom.xml.versionsBackup
|
||||
pom.xml.next
|
||||
release.properties
|
||||
dependency-reduced-pom.xml
|
||||
buildNumber.properties
|
||||
.mvn/timing.properties
|
||||
.mvn/wrapper/maven-wrapper.jar
|
||||
|
||||
# Build artifacts
|
||||
*.jar
|
||||
*.war
|
||||
*.ear
|
||||
*.class
|
||||
*.idx
|
||||
|
||||
# Eclipse
|
||||
.project
|
||||
.classpath
|
||||
.settings/
|
||||
.metadata/
|
||||
bin/
|
||||
|
||||
# IntelliJ IDEA
|
||||
.idea/
|
||||
*.iml
|
||||
*.iws
|
||||
*.ipr
|
||||
out/
|
||||
|
||||
# NetBeans
|
||||
nbproject/
|
||||
nbbuild/
|
||||
nbdist/
|
||||
.nb-gradle/
|
||||
|
||||
# VS Code
|
||||
.vscode/
|
||||
*.code-workspace
|
||||
|
||||
# Mac
|
||||
.DS_Store
|
||||
|
||||
# Windows
|
||||
Thumbs.db
|
||||
ehthumbs.db
|
||||
Desktop.ini
|
||||
|
||||
# Logs
|
||||
logs/
|
||||
*.log
|
||||
*.log.*
|
||||
hs_err_pid*.log
|
||||
|
||||
# Quarkus
|
||||
.quarkus/
|
||||
quarkus-app/
|
||||
quarkus-run.jar
|
||||
quarkus-*.dat
|
||||
|
||||
# Temporary files
|
||||
*.tmp
|
||||
*.bak
|
||||
*.swp
|
||||
*~
|
||||
*.orig
|
||||
|
||||
# Test files and reports
|
||||
test_output*.txt
|
||||
surefire-reports/
|
||||
failsafe-reports/
|
||||
*.dump
|
||||
*.dumpstream
|
||||
|
||||
# Test coverage
|
||||
.jacoco/
|
||||
jacoco.exec
|
||||
coverage/
|
||||
target/site/jacoco/
|
||||
|
||||
# Application specific
|
||||
application-local.properties
|
||||
application-*.local.properties
|
||||
|
||||
# Configuration files with sensitive data
|
||||
*.local.json
|
||||
|
||||
# Token and authentication files
|
||||
token.json
|
||||
token.txt
|
||||
*.token
|
||||
|
||||
# Generated sources
|
||||
generated-sources/
|
||||
generated-test-sources/
|
||||
|
||||
# Maven status
|
||||
maven-status/
|
||||
|
||||
# Build metrics
|
||||
build-metrics.json
|
||||
|
||||
# Quarkus Dev Services
|
||||
.devservices/
|
||||
|
||||
# Fichiers META-INF générés (reflection-config.json est généré par Quarkus)
|
||||
**/META-INF/reflection-config.json
|
||||
|
||||
# IDE specific
|
||||
*.sublime-project
|
||||
*.sublime-workspace
|
||||
|
||||
# OS specific
|
||||
.DS_Store?
|
||||
._*
|
||||
.Spotlight-V100
|
||||
.Trashes
|
||||
|
||||
# Lombok configuration (généré automatiquement)
|
||||
lombok.config
|
||||
|
||||
# Environment files
|
||||
.env
|
||||
.env.local
|
||||
.env.*.local
|
||||
|
||||
@@ -450,7 +450,7 @@ public class UserServiceImpl implements UserService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public int importUsersFromCSV(@NotBlank String csvContent, @NotBlank String realmName) {
|
||||
public dev.lions.user.manager.dto.importexport.ImportResultDTO importUsersFromCSV(@NotBlank String csvContent, @NotBlank String realmName) {
|
||||
// TODO: Implémenter l'import CSV
|
||||
throw new UnsupportedOperationException("Import CSV non implémenté");
|
||||
}
|
||||
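Review bot: The changed signature of `importUsersFromCSV` spells its return type as the fully-qualified `dev.lions.user.manager.dto.importexport.ImportResultDTO`; importing the DTO and writing `public ImportResultDTO importUsersFromCSV(@NotBlank String csvContent, @NotBlank String realmName)` would keep the declaration readable. This assumes the second of the two signatures is the new side, since the page has lost the `+`/`-` markers. The body is still the `// TODO` stub that throws `UnsupportedOperationException`, so the new return contract is not exercised by this change. Both arguments are caller-supplied and only constrained by `@NotBlank` here, so a comment such as `// TODO: check realmName against lions.keycloak.authorized-realms and bound the CSV size before importing` would record what the implementation must enforce. The enclosing class starts and ends outside the hunk.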
|
||||
@@ -1,113 +1,113 @@
|
||||
# ============================================================================
|
||||
# Lions User Manager - Server Implementation Configuration - PRODUCTION
|
||||
# Lions User Manager Server - Configuration Production
|
||||
# ============================================================================
|
||||
# Ce fichier contient TOUTES les propriétés spécifiques à la production
|
||||
# Il surcharge et complète application.properties
|
||||
# ============================================================================
|
||||
|
||||
# HTTP Configuration
|
||||
quarkus.http.port=8081
|
||||
quarkus.http.host=0.0.0.0
|
||||
quarkus.http.cors=true
|
||||
quarkus.http.cors.origins=https://btpxpress.lions.dev,https://admin.lions.dev
|
||||
quarkus.http.cors.methods=GET,POST,PUT,DELETE,PATCH,OPTIONS
|
||||
quarkus.http.cors.headers=*
|
||||
# ============================================
|
||||
# HTTP Configuration PROD
|
||||
# ============================================
|
||||
quarkus.http.port=8080
|
||||
|
||||
# Keycloak OIDC Configuration (PROD)
|
||||
quarkus.oidc.auth-server-url=https://security.lions.dev/realms/master
|
||||
quarkus.oidc.client-id=lions-user-manager
|
||||
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
|
||||
quarkus.oidc.tls.verification=required
|
||||
quarkus.oidc.application-type=service
|
||||
# CORS restrictif en production (via variable d'environnement) - autoriser le frontend users.lions.dev
|
||||
quarkus.http.cors.origins=${CORS_ORIGINS:https://users.lions.dev,https://btpxpress.lions.dev,https://admin.lions.dev}
|
||||
|
||||
# Keycloak Admin Client Configuration (PROD)
|
||||
lions.keycloak.server-url=https://security.lions.dev
|
||||
lions.keycloak.admin-realm=master
|
||||
lions.keycloak.admin-client-id=admin-cli
|
||||
lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME}
|
||||
lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD}
|
||||
lions.keycloak.connection-pool-size=20
|
||||
lions.keycloak.timeout-seconds=60
|
||||
|
||||
# Realms autorisés (PROD)
|
||||
lions.keycloak.authorized-realms=btpxpress,lions-realm
|
||||
|
||||
# Circuit Breaker Configuration (PROD - strict)
|
||||
quarkus.smallrye-fault-tolerance.enabled=true
|
||||
|
||||
# Retry Configuration (PROD)
|
||||
lions.keycloak.retry.max-attempts=5
|
||||
lions.keycloak.retry.delay-seconds=3
|
||||
|
||||
# Audit Configuration (PROD)
|
||||
lions.audit.enabled=true
|
||||
lions.audit.log-to-database=true
|
||||
lions.audit.log-to-file=true
|
||||
lions.audit.retention-days=365
|
||||
|
||||
# Database Configuration (PROD - obligatoire pour audit)
|
||||
quarkus.datasource.db-kind=postgresql
|
||||
quarkus.datasource.username=${DB_USERNAME:audit_user}
|
||||
quarkus.datasource.password=${DB_PASSWORD}
|
||||
quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:lions-db.lions.svc.cluster.local}:${DB_PORT:5432}/${DB_NAME:lions_audit}
|
||||
quarkus.datasource.jdbc.max-size=20
|
||||
quarkus.datasource.jdbc.min-size=5
|
||||
quarkus.hibernate-orm.database.generation=none
|
||||
quarkus.flyway.migrate-at-start=true
|
||||
quarkus.flyway.baseline-on-migrate=true
|
||||
quarkus.flyway.baseline-version=1.0.0
|
||||
|
||||
# Logging Configuration (PROD)
|
||||
# ============================================
|
||||
# Logging PROD (moins verbeux)
|
||||
# ============================================
|
||||
quarkus.log.level=INFO
|
||||
quarkus.log.category."dev.lions.user.manager".level=INFO
|
||||
quarkus.log.category."org.keycloak".level=WARN
|
||||
quarkus.log.category."io.quarkus".level=WARN
|
||||
|
||||
quarkus.log.console.enable=true
|
||||
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
|
||||
quarkus.log.console.json=true
|
||||
|
||||
# File Logging pour Audit (PROD)
|
||||
quarkus.log.file.enable=true
|
||||
quarkus.log.file.path=/var/log/lions/lions-user-manager.log
|
||||
quarkus.log.file.rotation.max-file-size=50M
|
||||
quarkus.log.file.rotation.max-backup-index=30
|
||||
quarkus.log.file.rotation.rotate-on-boot=false
|
||||
# File Logging désactivé en prod Kubernetes (utilise stdout pour logs centralisés)
|
||||
# quarkus.log.file.path=/var/log/lions/lions-user-manager.log
|
||||
# quarkus.log.file.rotation.max-file-size=50M
|
||||
# quarkus.log.file.rotation.max-backup-index=30
|
||||
# quarkus.log.file.rotation.rotate-on-boot=false
|
||||
|
||||
# OpenAPI/Swagger Configuration (PROD - désactivé par défaut)
|
||||
quarkus.swagger-ui.always-include=false
|
||||
quarkus.swagger-ui.path=/swagger-ui
|
||||
# ============================================
|
||||
# OIDC Configuration PROD - OBLIGATOIRE ET ACTIF
|
||||
# ============================================
|
||||
quarkus.oidc.enabled=true
|
||||
quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
|
||||
quarkus.oidc.client-id=${KEYCLOAK_CLIENT_ID:lions-user-manager-server}
|
||||
# Client bearer-only - pas de secret nécessaire
|
||||
# quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
|
||||
quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
|
||||
|
||||
# Vérification TLS requise en production
|
||||
quarkus.oidc.tls.verification=required
|
||||
|
||||
# Vérification stricte des tokens
|
||||
quarkus.oidc.discovery-enabled=true
|
||||
# quarkus.oidc.verify-access-token=true # Propriété non reconnue
|
||||
|
||||
# Extraction des rôles
|
||||
quarkus.oidc.roles.role-claim-path=realm_access/roles
|
||||
|
||||
# ============================================
|
||||
# Keycloak Admin Client Configuration PROD
|
||||
# ============================================
|
||||
lions.keycloak.server-url=${KEYCLOAK_SERVER_URL:https://security.lions.dev}
|
||||
lions.keycloak.admin-realm=${KEYCLOAK_ADMIN_REALM:master}
|
||||
lions.keycloak.admin-client-id=admin-cli
|
||||
lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME:admin}
|
||||
lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD:KeycloakAdmin2025!}
|
||||
|
||||
# Pool de connexions augmenté en production
|
||||
lions.keycloak.connection-pool-size=20
|
||||
lions.keycloak.timeout-seconds=60
|
||||
|
||||
# Realms autorisés en production (via variable d'environnement)
|
||||
lions.keycloak.authorized-realms=${KEYCLOAK_AUTHORIZED_REALMS:lions-user-manager,btpxpress,master,unionflow}
|
||||
|
||||
# ============================================
|
||||
# Retry Configuration PROD
|
||||
# ============================================
|
||||
lions.keycloak.retry.max-attempts=5
|
||||
lions.keycloak.retry.delay-seconds=3
|
||||
|
||||
# ============================================
|
||||
# Audit Configuration PROD
|
||||
# ============================================
|
||||
lions.audit.retention-days=365
|
||||
lions.audit.log-to-database=true
|
||||
|
||||
# ============================================
|
||||
# Database Configuration PROD - Désactivé complètement
|
||||
# ============================================
|
||||
quarkus.datasource.devservices.enabled=false
|
||||
quarkus.datasource.health.enabled=false
|
||||
|
||||
# ============================================
|
||||
# OpenAPI/Swagger Configuration PROD
|
||||
# ============================================
|
||||
# Swagger désactivé en production par défaut (build-time property)
|
||||
# quarkus.swagger-ui.always-include=false
|
||||
quarkus.swagger-ui.enable=false
|
||||
|
||||
# Dev Services (désactivé en PROD)
|
||||
quarkus.devservices.enabled=false
|
||||
# ============================================
|
||||
# Security Configuration PROD (strict)
|
||||
# ============================================
|
||||
# Ces propriétés sont build-time, configurées dans application.properties
|
||||
# quarkus.security.auth.enabled=true
|
||||
# quarkus.security.jaxrs.deny-unannotated-endpoints=true
|
||||
# quarkus.security.auth.proactive=true
|
||||
|
||||
# Security Configuration (PROD - strict)
|
||||
quarkus.security.jaxrs.deny-unannotated-endpoints=true
|
||||
# ============================================
|
||||
# Performance tuning PROD
|
||||
# ============================================
|
||||
quarkus.thread-pool.core-threads=4
|
||||
quarkus.thread-pool.max-threads=32
|
||||
quarkus.thread-pool.queue-size=200
|
||||
|
||||
# Health Check Configuration (PROD)
|
||||
quarkus.smallrye-health.root-path=/health
|
||||
quarkus.smallrye-health.liveness-path=/health/live
|
||||
quarkus.smallrye-health.readiness-path=/health/ready
|
||||
|
||||
# Metrics Configuration (PROD)
|
||||
quarkus.micrometer.enabled=true
|
||||
quarkus.micrometer.export.prometheus.enabled=true
|
||||
quarkus.micrometer.export.prometheus.path=/metrics
|
||||
|
||||
# Jackson Configuration (PROD)
|
||||
quarkus.jackson.fail-on-unknown-properties=false
|
||||
quarkus.jackson.write-dates-as-timestamps=false
|
||||
quarkus.jackson.serialization-inclusion=non_null
|
||||
|
||||
# Performance tuning (PROD)
|
||||
quarkus.thread-pool.core-threads=2
|
||||
quarkus.thread-pool.max-threads=16
|
||||
quarkus.thread-pool.queue-size=100
|
||||
|
||||
# SSL/TLS Configuration (PROD)
|
||||
quarkus.http.ssl.certificate.key-store-file=${SSL_KEYSTORE_FILE:/etc/ssl/keystore.p12}
|
||||
quarkus.http.ssl.certificate.key-store-password=${SSL_KEYSTORE_PASSWORD}
|
||||
quarkus.http.ssl.certificate.key-store-file-type=PKCS12
|
||||
|
||||
# Monitoring & Observability
|
||||
quarkus.log.handler.gelf.enabled=false
|
||||
quarkus.log.handler.gelf.host=${GRAYLOG_HOST:logs.lions.dev}
|
||||
quarkus.log.handler.gelf.port=${GRAYLOG_PORT:12201}
|
||||
# ============================================
|
||||
# SSL/TLS Configuration PROD (optionnel)
|
||||
# ============================================
|
||||
# Décommenter si le serveur gère le SSL directement (sinon géré par Ingress/Load Balancer)
|
||||
# quarkus.http.ssl.certificate.key-store-file=${SSL_KEYSTORE_FILE:/etc/ssl/keystore.p12}
|
||||
# quarkus.http.ssl.certificate.key-store-password=${SSL_KEYSTORE_PASSWORD}
|
||||
# quarkus.http.ssl.certificate.key-store-file-type=PKCS12
|
||||
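Review bot: Under "Keycloak Admin Client Configuration PROD" the key `lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD:…}` carries a literal fallback password, and `lions.keycloak.admin-username` falls back to `admin`, so a production start without those environment variables silently uses a credential for the `master` admin realm that is readable in the repository. The other copy of these keys in this section has no default and looks like the side being replaced (the page does not mark sides); keep that form, `lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD}` and `lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME}`, so a missing secret fails at startup. If the fallback value matches a real account it should be rotated, because it remains in history. In the same section the default of `lions.keycloak.authorized-realms` now lists `master`, and `quarkus.security.jaxrs.deny-unannotated-endpoints=true` survives only as a comment deferring to application.properties, which is not visible here; both should be confirmed as intended.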
|
||||
@@ -33,8 +33,7 @@ lions.keycloak.timeout-seconds=30
|
||||
# Realms autorisés (séparés par virgule)
|
||||
lions.keycloak.authorized-realms=btpxpress,master,lions-realm
|
||||
|
||||
# Circuit Breaker Configuration
|
||||
quarkus.smallrye-fault-tolerance.enabled=true
|
||||
# Circuit Breaker Configuration (SmallRye Fault Tolerance est activé par défaut)
|
||||
|
||||
# Retry Configuration (pour appels Keycloak)
|
||||
lions.keycloak.retry.max-attempts=3
|
||||
@@ -46,14 +45,22 @@ lions.audit.log-to-database=false
|
||||
lions.audit.log-to-file=true
|
||||
lions.audit.retention-days=90
|
||||
|
||||
# Database Configuration (optionnel - pour logs d'audit)
|
||||
# Décommenter si vous voulez persister les logs d'audit en DB
|
||||
#quarkus.datasource.db-kind=postgresql
|
||||
#quarkus.datasource.username=${DB_USERNAME:audit_user}
|
||||
#quarkus.datasource.password=${DB_PASSWORD:audit_pass}
|
||||
#quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/${DB_NAME:lions_audit}
|
||||
#quarkus.hibernate-orm.database.generation=none
|
||||
#quarkus.flyway.migrate-at-start=true
|
||||
# Database Configuration (pour logs d'audit et données opérationnelles)
|
||||
# DÉSACTIVÉ - Non utilisé en production (logs gérés par Kubernetes)
|
||||
quarkus.datasource.health.enabled=false
|
||||
quarkus.datasource.devservices.enabled=false
|
||||
quarkus.datasource.db-kind=postgresql
|
||||
quarkus.datasource.username=${DB_USERNAME:lions_user}
|
||||
quarkus.datasource.password=${DB_PASSWORD:lions_password}
|
||||
quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/${DB_NAME:lions_user_manager}
|
||||
|
||||
# Hibernate ORM Configuration
|
||||
quarkus.hibernate-orm.database.generation=update
|
||||
quarkus.hibernate-orm.log.sql=false
|
||||
|
||||
# Flyway Configuration
|
||||
# DÉSACTIVÉ - Pas de base de données en production
|
||||
quarkus.flyway.migrate-at-start=false
|
||||
|
||||
# Logging Configuration
|
||||
quarkus.log.level=INFO
|
||||
@@ -64,10 +71,11 @@ quarkus.log.console.enable=true
|
||||
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
|
||||
|
||||
# File Logging pour Audit
|
||||
quarkus.log.file.enable=true
|
||||
quarkus.log.file.path=logs/lions-user-manager.log
|
||||
quarkus.log.file.rotation.max-file-size=10M
|
||||
quarkus.log.file.rotation.max-backup-index=10
|
||||
# DÉSACTIVÉ - Logs gérés par Kubernetes (stdout/stderr)
|
||||
quarkus.log.file.enable=false
|
||||
# quarkus.log.file.path=logs/lions-user-manager.log
|
||||
# quarkus.log.file.rotation.max-file-size=10M
|
||||
# quarkus.log.file.rotation.max-backup-index=10
|
||||
|
||||
# OpenAPI/Swagger Configuration
|
||||
quarkus.swagger-ui.always-include=true
|
||||
|
||||
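Review bot: In the `@@ -46,14 +45,22 @@` hunk the datasource keys are no longer commented out, and `quarkus.datasource.password=${DB_PASSWORD:lions_password}` gives every profile a known fallback password, while the comments beside it state the database is disabled and unused in production. The hunk header counts (14 old, 22 new lines) fit only the reading that the eight commented lines are removed and the uncommented block is added. These keys have no profile prefix, and the production file in this compare appears to drop its own `quarkus.datasource.*` entries and `quarkus.hibernate-orm.database.generation=none`, so production would inherit the fallback credentials together with `quarkus.hibernate-orm.database.generation=update`. Scope the convenience defaults to development, for example `%dev.quarkus.datasource.password=lions_password`, and keep `quarkus.datasource.password=${DB_PASSWORD}` without a default, or remove the datasource keys if no database is used. The context line `quarkus.swagger-ui.always-include=true` in the last hunk should also be checked against the production override.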