Examples security validation (#8498)

Signed-off-by: Maxim Nesen <[email protected]>

Author: senivam

examples/config/changes/conf/secrets/password

@@ -1 +1 @@
-^ery$ecretP&ssword
+changeit

examples/config/changes/src/main/java/io/helidon/config/examples/changes/OnChangeExample.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2020 Oracle and/or its affiliates.
+ * Copyright (c) 2017, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -54,7 +54,7 @@ public void run() {
 
     private static void logSecrets(Config secrets) {
         LOGGER.info("Loaded secrets are u: " + secrets.get("username").asString().get()
-                            + ", p: " + secrets.get("password").asString().get());
+                            + ", p: " + secrets.get("changeit").asString().get());
     }
 
 }

examples/config/sources/conf/secrets/password

@@ -1 +1 @@
-^ery$ecretP&ssword
+changeit

examples/config/sources/src/main/java/io/helidon/config/examples/sources/DirectorySourceExample.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2021 Oracle and/or its affiliates.
+ * Copyright (c) 2017, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,9 +48,9 @@ public static void main(String... args) {
         System.out.println("Username: " + username);
         assert username.equals("libor");
 
-        String password = secrets.get("password").asString().get();
+        String password = secrets.get("changeit").asString().get();
         System.out.println("Password: " + password);
-        assert password.equals("^ery$ecretP&ssword");
+        assert password.equals("changeit");
     }
 
 }

examples/dbclient/jdbc/README.md

@@ -30,8 +30,9 @@ Instructions for H2 can be found here: http://www.h2database.com/html/cheatSheet
 Instructions for Oracle can be found here: https://github.com/oracle/docker-images/tree/master/OracleDatabase/SingleInstance
 
 MySQL can be run as a docker container with the following command:
-```shell
-docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password  mysql:5.7
+
+```
+docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit  mysql:5.7
 ```
 
 

examples/dbclient/jdbc/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019, 2021 Oracle and/or its affiliates.
+# Copyright (c) 2019, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -40,10 +40,10 @@ db:
     # MySQL configuration
     #
     # docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \
-    #   -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password  mysql:5.7
+    #   -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit  mysql:5.7
 #    url: jdbc:mysql://127.0.0.1:3306/pokemon?useSSL=false
 #    username: user
-#    password: password
+#    password: changeit
 #    poolName: mysql
     #
     # Oracle configuration

examples/dbclient/pokemons/README.md

@@ -67,7 +67,7 @@ For details, see http://www.h2database.com/html/cheatSheet.html
 MySQL:
 ```shell
 docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \
-       -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password  mysql:5.7
+       -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit  mysql:5.7
 ```
 
 

examples/employee-app/src/main/java/io/helidon/service/employee/EmployeeRepositoryImplDB.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2020 Oracle and/or its affiliates.
+ * Copyright (c) 2019, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,7 +44,7 @@ final class EmployeeRepositoryImplDB implements EmployeeRepository {
         String driver = "oracle.jdbc.driver.OracleDriver";
 
         String dbUserName = config.get("app.user").asString().orElse("sys as SYSDBA");
-        String dbUserPassword = config.get("app.password").asString().orElse("password");
+        String dbUserPassword = config.get("app.password").asString().orElse("changeit");
         String dbHostURL = config.get("app.hosturl").asString().orElse("localhost:1521/xe");
 
         try {

examples/integrations/neo4j/neo4j-mp/pom.xml

@@ -28,7 +28,7 @@
         <relativePath>../../../../applications/mp/pom.xml</relativePath>
     </parent>
     <groupId>io.helidon.examples.integrations.neo4j</groupId>
-    <artifactId>helidon-examples-integration-neo4j-mp</artifactId>
+    <artifactId>helidon-examples-integrations-neo4j-mp</artifactId>
     <name>Helidon Neo4j MP integration Example</name>
 
     <properties>

examples/integrations/neo4j/neo4j-se/pom.xml

@@ -28,7 +28,7 @@
         <relativePath>../../../../applications/se/pom.xml</relativePath>
     </parent>
     <groupId>io.helidon.examples.integrations.neo4j</groupId>
-    <artifactId>helidon-examples-integration-neo4j-se</artifactId>
+    <artifactId>helidon-examples-integrations-neo4j-se</artifactId>
     <name>Helidon Integrations Neo4j SE Example</name>
 
     <properties>

examples/microprofile/idcs/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ security:
     # This is a nice way to be able to override this with local properties or env-vars
     idcs-uri: "https://tenant-id.identity.oracle.com"
     idcs-client-id: "client-id"
-    idcs-client-secret: "client-secret"
+    idcs-client-secret: "changeit"
     # Used as a base for redirects back to us
     frontend-uri: "http://localhost:7987"
     proxy-host: "if you need proxy"

examples/microprofile/oidc/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2019, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ security:
     oidc-identity-uri: "https://tenant.some-server.com/oauth2/default"
     # when you create a new client in identity server configuration, you should get a client id and a client secret
     oidc-client-id: "some client id"
-    oidc-client-secret: "some client secret"
+    oidc-client-secret: "changeit"
     # issuer of the tokens - identity server specific (maybe even configurable)
     oidc-issuer: "https://tenant.some-server.com/oauth2/default"
     # audience of the tokens - identity server specific (usually configurable)

examples/microprofile/security/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,13 +27,13 @@ security:
       realm: "helidon"
       users:
       - login: "jack"
-        password: "password"
+        password: "changeit"
         roles: ["user", "admin"]
       - login: "jill"
-        password: "password"
+        password: "changeit"
         roles: ["user"]
       - login: "john"
-        password: "password"
+        password: "changeit"
   web-server:
     paths:
     - path: "/static-cp[/{*}]"

examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2020 Oracle and/or its affiliates.
+# Copyright (c) 2020, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,9 +20,9 @@ server.host=0.0.0.0
 
 #Truststore setup
 server.tls.trust.keystore.resource.resource-path=server.p12
-server.tls.trust.keystore.passphrase=password
+server.tls.trust.keystore.passphrase=changeit
 server.tls.trust.keystore.trust-store=true
 
 #Keystore with private key and server certificate
 server.tls.private-key.keystore.resource.resource-path=server.p12
-server.tls.private-key.keystore.passphrase=password
+server.tls.private-key.keystore.passphrase=changeit

examples/microprofile/tls/src/main/resources/server.p12

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2022, 2023 Oracle and/or its affiliates.
+# Copyright (c) 2022, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

examples/openapi-tools/quickstart-se/se-server/src/main/resources/application.yaml

@@ -21,12 +21,13 @@ java -jar target//helidon-examples-security-webserver-basic-uath.jar
 Try the application:
 
 The application starts on a random port, the following assumes it is `56551`
+
 ```shell
 export PORT=37667
-curl http://localhost:${PORT}/public
-curl -u "jill:password" http://localhost:${PORT}/noRoles
-curl -u "john:password" http://localhost:${PORT}/user
-curl -u "jack:password" http://localhost:${PORT}/admin
-curl -v -u "john:password" http://localhost:${PORT}/deny
-curl -u "jack:password" http://localhost:${PORT}/noAuthn
+curl http://localhost:56551/public
+curl -u "jill:changeit" http://localhost:${PORT}/noRoles
+curl -u "john:changeit" http://localhost:${PORT}/user
+curl -u "jack:changeit" http://localhost:${PORT}/admin
+curl -v -u "john:changeit" http://localhost:${PORT}/deny
+curl -u "jack:changeit" http://localhost:${PORT}/noAuthn
 ```

examples/security/basic-auth-with-static-content/README.md

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2020 Oracle and/or its affiliates.
+# Copyright (c) 2020, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

examples/security/basic-auth-with-static-content/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018, 2021 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ security:
     # This is a nice way to be able to override this with local properties or env-vars
     idcs-uri: "https://your-tenant-id.identity.oracle.com"
     idcs-client-id: "your-client-id"
-    idcs-client-secret: "${CLEAR=your-client-secret}"
+    idcs-client-secret: "${CLEAR=changeit}"
     proxy-host: ""
   providers:
   - abac:

examples/security/idcs-login/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2021 Oracle and/or its affiliates.
+ * Copyright (c) 2018, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -135,7 +135,7 @@ private Subject login() {
         SecurityContext securityContext = CONTEXT.get();
         securityContext.env(securityContext.env().derive()
                                        .path("/some/path")
-                                       .header("Authorization", buildBasic("aUser", "aPassword")));
+                                       .header("Authorization", buildBasic("aUser", "changeit")));
 
         AuthenticationResponse response = securityContext.atnClientBuilder().buildAndGet();
 

examples/security/nohttp-programmatic/src/main/java/io/helidon/security/examples/security/ProgrammaticSecurity.java

@@ -12,9 +12,10 @@ java -jar target/helidon-examples-security-outbound-override.jar
 ```
 
 Try the endpoints:
+
 ```shell
-curl -u "jack:password" http://localhost:8080/propagate
-curl -u "jack:password" http://localhost:8080/override
-curl -u "jill:anotherPassword" http://localhost:8080/propagate
-curl -u "jill:anotherPassword" http://localhost:8080/override
+curl -u "jack:changeit" http://localhost:8080/propagate
+curl -u "jack:changeit" http://localhost:8080/override
+curl -u "jill:changeit" http://localhost:8080/propagate
+curl -u "jill:changeit" http://localhost:8080/override
 ```

examples/security/outbound-override/README.md

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+ * Copyright (c) 2018, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -94,7 +94,7 @@ private static void override(ServerRequest req, ServerResponse res) {
 
         webTarget(servingPort)
                 .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_USER, "jill")
-                .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "anotherPassword")
+                .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "changeit")
                 .request(String.class)
                 .thenAccept(result -> res.send("You are: " + context.userName()
                                                        + ", backend service returned: " + result + "\n"))

examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OutboundOverrideExample.java

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,13 +25,13 @@ security:
   - http-basic-auth:
       users:
       - login: "john"
-        password: "johnnyPassword"
+        password: "changeit"
         roles: ["admin"]
       - login: "jack"
-        password: "password"
+        password: "changeit"
         roles: ["user", "admin"]
       - login: "jill"
-        password: "anotherPassword"
+        password: "changeit"
         roles: ["user"]
   - jwt:
       allow-impersonation: true

examples/security/outbound-override/src/main/resources/client-service-jwt.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,13 +19,13 @@ security:
   - http-basic-auth:
       users:
       - login: "john"
-        password: "johnnyPassword"
+        password: "changeit"
         roles: ["admin"]
       - login: "jack"
-        password: "password"
+        password: "changeit"
         roles: ["user", "admin"]
       - login: "jill"
-        password: "anotherPassword"
+        password: "changeit"
         roles: ["user"]
       outbound:
         - name: "propagate-all"

examples/security/outbound-override/src/main/resources/client-service.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,10 +19,10 @@ security:
   - http-basic-auth:
       users:
       - login: "jack"
-        password: "password"
+        password: "changeit"
         roles: ["user", "admin"]
       - login: "jill"
-        password: "anotherPassword"
+        password: "changeit"
         roles: ["user"]
   web-server:
     defaults:

examples/security/outbound-override/src/main/resources/serving-service.yaml

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020 Oracle and/or its affiliates.
+ * Copyright (c) 2020, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -61,7 +61,7 @@ public void testOverrideExample() {
         String value = webClient.get()
                 .path("/override")
                 .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_USER, "jack")
-                .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "password")
+                .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "changeit")
                 .request(String.class)
                 .await();
 
@@ -73,7 +73,7 @@ public void testPropagateExample() {
         String value = webClient.get()
                 .path("/propagate")
                 .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_USER, "jack")
-                .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "password")
+                .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "changeit")
                 .request(String.class)
                 .await();