Merge remote-tracking branch 'origin/dev' into update-docu

# Conflicts:
#	docs/.vitepress/config.mts

.github/workflows/wls-admin-service_pull-request.yml

@@ -0,0 +1,14 @@
+name: verify pull request admin-service
+
+on:
+  pull_request:
+    paths:
+      - 'wls-admin-service/**'
+      - '.github/workflows/wls-admin-service_pull-request.yml'
+
+jobs:
+  verify-pull-request:
+    uses:
+      ./.github/workflows/callable-run-mvn-verify.yml
+    with:
+      pom-dir: 'wls-admin-service'

.github/workflows/wls-admin-service_push-dev.yml

@@ -0,0 +1,18 @@
+name: build push dev admin-service
+
+on:
+  push:
+    branches:
+      - dev
+    paths:
+      - 'wls-admin-service/**'
+      - '.github/workflows/wls-admin-service_push-dev.yml'
+
+jobs:
+  build-github-container-image:
+    permissions:
+      packages: write
+    uses:
+      ./.github/workflows/callable-create-github-container-image.yml
+    with:
+      service: 'wls-admin-service'

docs/.vitepress/config.mts

@@ -76,6 +76,7 @@ export default withMermaid({
                 {text: 'Ergebnismeldung-Service', link: `${PATH_SERVICES}ergebnismeldung-service/`},
                 {text: 'Auth-Service', link: `${PATH_SERVICES}auth-service/`},
                 {text: 'Vorfälle und Vorkommnisse-Service', link: `${PATH_SERVICES}vorfaelleundvorkommnisse-service/`},
+                {text: 'Admin-Service', link: `${PATH_SERVICES}admin-service/`},
             ],
         },
 

docs/src/features/admin-service/index.md

@@ -0,0 +1,18 @@
+# Admin-Service
+
+Der Service dient als Fassade für die admin-gui für den Zugriff auf andere Microservices.
+
+## Abhängigkeiten
+
+Der Service nutzt folgende Services
+
+- Basisdaten
+- Ergebnismeldung
+- Infomanagement
+- Auth
+
+## Daten und Funktionen
+
+- Verwaltung der Benutzer
+- Festlegung des Wahltages
+- Verwaltung der Wahltermindaten

docs/src/services/auth-service/index.md

@@ -2,17 +2,21 @@
 
 Zuständig für die Authentifizierung und Verwaltung der Rechte der User des Systems.
 
+Der Service stellt auch die Loginmaske zur Verfügung. Dazu wird [Freemarker](https://freemarker.apache.org/index.html)
+verwendet. Mittels [wro4j](https://github.com/wro4j/wro4j) werden JavaScript Ressource (jquery und Bootstrap)
+zur Verfügung gestellt. Im Projekt sind zusätzliche Ressourcen im Ordner `resources-non-filtered` hinterlegt.
+
 ## Abhängigkeiten
 
-Der Service hat keine Abhängigkeiten zu anderen Services.
+- Infomanagement-Service
 
 ## Datenmodell
 
 ```mermaid
 
 erDiagram
-    User 1--0+ Authority : hat
-    Authority 1--0+ Permission : hat
+    User 1+--0+ Authority : hat
+    Authority 1+--0+ Permission : hat
     User 1--|o LoginAttempt : unternahm
     
     User {
@@ -44,14 +48,36 @@ erDiagram
 
 > [!IMPORTANT]
 > Der Benutzername liegt in der Datenbank nur verschlüsselt vor.
+ 
+## Login
+
+```mermaid
 
+sequenceDiagram
+    
+    actor User
+    
+    User->>+AuthService : Request Login
+    
+    AuthService->>AuthService: bestimme LoginView
+    alt LoginView == Wahllokalsystem
+        AuthService->>+InfomanagementService : get Willkommenstext Konfiguration
+        InfomanagementService->>-AuthService : Willkommenstext
+    end
+    AuthService->>AuthService: ergänze Werte für View
+    
+    AuthService->>-User : LoginView
+```
 
 ## Konfigrationsparameter
 
 Alle Konfigurationsparameter beginnen mit dem Prefix `serviceauth`
 
-| Name | Beschreibung                                                                           | Default |
-| ---- |----------------------------------------------------------------------------------------| ------- |
+| Name                    | Beschreibung                                                                           | Default |
+|-------------------------|----------------------------------------------------------------------------------------| ------- |
 | crypto.encryptionPrefix | String vor dem verschlüssten Wert. Auf diese Weise sind verschlüsselte Werte erkennbar | ENCRYPTED: |
-| crypto.key | Schlüssel zum ver- und entschlüsseln                                                   | |
-| maxLoginAttempts | Maximale Anzahl an Fehlersuchen bis der Account gesperrt wird.                         | 5 |
+| crypto.key              | Schlüssel zum ver- und entschlüsseln                                                   | |
+| maxLoginAttempts        | Maximale Anzahl an Fehlersuchen bis der Account gesperrt wird.                         | 5 |
+| clients.infomanagement.basepath | URL zum Infomanagement-Service | `http://localhost:39146` |
+| clients.infomanagement.configkey.welcomeMessage | Schlüssel für Konfiguration der Willkommensnachricht | WILLKOMMENSTEXT |
+| serviceauth.welcomemessage.default | Standartd Willkommensnachricht falls die definierte Willkommensnachricht nicht geladen werden kann | Willkommen zur Wahl! |

stack/keycloak/migration/add-authorities-monitoring-waehleranzahl.yml

@@ -0,0 +1,46 @@
+id: add authorities monitoring waehleranzahl
+author: dragonfly28
+realm: ${SSO_REALM}
+changes:
+  - addRole:
+      name: Monitoring_BUSINESSACTION_GetWahlbeteiligung
+      clientRole: true
+      clientId: ${SSO_CLIENT_ID}
+  - assignRoleToGroup:
+      group: allMonitoringAuthorities
+      role: Monitoring_BUSINESSACTION_GetWahlbeteiligung
+      clientId: ${SSO_CLIENT_ID}
+
+  - addRole:
+      name: Monitoring_BUSINESSACTION_PostWahlbeteiligung
+      clientRole: true
+      clientId: ${SSO_CLIENT_ID}
+  - assignRoleToGroup:
+      group: allMonitoringAuthorities
+      role: Monitoring_BUSINESSACTION_PostWahlbeteiligung
+      clientId: ${SSO_CLIENT_ID}
+
+  - addRole:
+      name: Monitoring_READ_Waehleranzahl
+      clientRole: true
+      clientId: ${SSO_CLIENT_ID}
+  - assignRoleToGroup:
+      group: allMonitoringAuthorities
+      role: Monitoring_READ_Waehleranzahl
+      clientId: ${SSO_CLIENT_ID}
+  - addRole:
+      name: Monitoring_WRITE_Waehleranzahl
+      clientRole: true
+      clientId: ${SSO_CLIENT_ID}
+  - assignRoleToGroup:
+      group: allMonitoringAuthorities
+      role: Monitoring_WRITE_Waehleranzahl
+      clientId: ${SSO_CLIENT_ID}
+  - addRole:
+      name: Monitoring_DELETE_Waehleranzahl
+      clientRole: true
+      clientId: ${SSO_CLIENT_ID}
+  - assignRoleToGroup:
+      group: allMonitoringAuthorities
+      role: Monitoring_DELETE_Waehleranzahl
+      clientId: ${SSO_CLIENT_ID}

stack/keycloak/migration/create-group-all-monitoring-authorities.yml

@@ -0,0 +1,15 @@
+id: create group allMonitoringAuthorities and link wls_all*
+author: dragonfly28
+realm: ${SSO_REALM}
+changes:
+  - addGroup:
+      name: allMonitoringAuthorities
+  - assignGroup:
+      user: wls_all
+      group: allMonitoringAuthorities
+  - assignGroup:
+      user: wls_all_uwb
+      group: allMonitoringAuthorities
+  - assignGroup:
+      user: wls_all_bwb
+      group: allMonitoringAuthorities

stack/keycloak/migration/keycloak-changelog.yml

@@ -44,3 +44,5 @@ includes:
   - path: add-authorities-vorfaelleundvorkommnisse.yml
   - path: add-authorities-eai-ergebnismeldung.yml
   - path: add-authorities-basisdaten-wahltermindaten.yml
+  - path: create-group-all-monitoring-authorities.yml
+  - path: add-authorities-monitoring-waehleranzahl.yml

stack/oracle-database/add-user-on-startup.sql

@@ -46,4 +46,8 @@ GRANT CONNECT, RESOURCE, CREATE SESSION TO wls_auth_service;
 
 -- add user for wls-vorfaelleundvorkommnisse-service
 CREATE USER wls_vorfaelleundvorkommnisse_service IDENTIFIED BY secret QUOTA UNLIMITED ON USERS;
-GRANT CONNECT, RESOURCE, CREATE SESSION TO wls_vorfaelleundvorkommnisse_service;
+GRANT CONNECT, RESOURCE, CREATE SESSION TO wls_vorfaelleundvorkommnisse_service;
+
+-- add user for wls-admin-service
+CREATE USER wls_admin_service IDENTIFIED BY secret QUOTA UNLIMITED ON USERS;
+GRANT CONNECT, RESOURCE, CREATE SESSION TO wls_admin_service;

wls-admin-service/.gitignore

@@ -0,0 +1,31 @@
+# Covers Maven specific
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+!/.mvn/wrapper/maven-wrapper.jar
+
+# Covers Eclipse specific:
+.settings/
+.classpath
+.project
+
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
+.idea
+*.iml
+
+# Covers Netbeans:
+**/nbproject/private/
+**/nbproject/Makefile-*.mk
+**/nbproject/Package-*.bash
+build/
+nbbuild/
+dist/
+nbdist/
+.nb-gradle/
+

wls-admin-service/Dockerfile

@@ -0,0 +1,3 @@
+FROM registry.access.redhat.com/ubi8/openjdk-17:latest
+
+COPY target/*.jar /deployments/spring-boot-application.jar

wls-admin-service/checkstyle.xml

@@ -0,0 +1,101 @@
+<?xml version="1.0"?>
+<!DOCTYPE module PUBLIC
+        "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
+        "https://checkstyle.org/dtds/configuration_1_3.dtd">
+
+<module name = "Checker">
+    <property name="charset" value="UTF-8"/>
+
+    <property name="severity" value="error"/>
+
+    <property name="fileExtensions" value="java, properties, xml"/>
+    <module name="BeforeExecutionExclusionFileFilter">
+        <property name="fileNamePattern" value="module\-info\.java$"/>
+    </module>
+
+    <module name="TreeWalker">
+        <module name="OuterTypeFilename"/>
+        <module name="NoLineWrap">
+            <property name="tokens" value="PACKAGE_DEF, IMPORT, STATIC_IMPORT"/>
+        </module>
+        <module name="LeftCurly" />
+        <module name="RightCurly" />
+        <module name="WhitespaceAfter"/>
+        <module name="WhitespaceAround">
+            <property name="allowEmptyConstructors" value="true"/>
+            <property name="allowEmptyLambdas" value="true"/>
+            <property name="allowEmptyMethods" value="true"/>
+            <property name="allowEmptyTypes" value="true"/>
+            <property name="allowEmptyLoops" value="true"/>
+            <property name="allowEmptyCatches" value="true"/>
+            <property name="ignoreEnhancedForColon" value="false"/>
+            <property name="tokens"
+                      value="ASSIGN, BAND, BAND_ASSIGN, BOR, BOR_ASSIGN, BSR, BSR_ASSIGN, BXOR,
+                    BXOR_ASSIGN, COLON, DIV, DIV_ASSIGN, DO_WHILE, EQUAL, GE, GT, LAMBDA, LAND,
+                    LCURLY, LE, LITERAL_CATCH, LITERAL_DO, LITERAL_ELSE, LITERAL_FINALLY,
+                    LITERAL_FOR, LITERAL_IF, LITERAL_RETURN, LITERAL_SWITCH, LITERAL_SYNCHRONIZED,
+                    LITERAL_TRY, LITERAL_WHILE, LOR, LT, MINUS, MINUS_ASSIGN, MOD, MOD_ASSIGN,
+                    NOT_EQUAL, PLUS, PLUS_ASSIGN, QUESTION, RCURLY, SL, SLIST, SL_ASSIGN, SR,
+                    SR_ASSIGN, STAR, STAR_ASSIGN, LITERAL_ASSERT, TYPE_EXTENSION_AND"/>
+            <message key="ws.notFollowed"
+                     value="WhitespaceAround: ''{0}'' is not followed by whitespace. Empty blocks may only be represented as '{}' when not part of a multi-block statement (4.1.3)"/>
+            <message key="ws.notPreceded"
+                     value="WhitespaceAround: ''{0}'' is not preceded with whitespace."/>
+        </module>
+        <module name="GenericWhitespace">
+            <message key="ws.followed"
+                     value="GenericWhitespace ''{0}'' is followed by whitespace."/>
+            <message key="ws.preceded"
+                     value="GenericWhitespace ''{0}'' is preceded with whitespace."/>
+            <message key="ws.illegalFollow"
+                     value="GenericWhitespace ''{0}'' should followed by whitespace."/>
+            <message key="ws.notPreceded"
+                     value="GenericWhitespace ''{0}'' is not preceded with whitespace."/>
+        </module>
+        <module name="OneStatementPerLine"/>
+        <module name="ModifierOrder"/>
+        <module name="EmptyLineSeparator">
+            <property name="tokens"
+                      value="IMPORT, STATIC_IMPORT, CLASS_DEF, INTERFACE_DEF, ENUM_DEF,
+                    STATIC_INIT, INSTANCE_INIT, CTOR_DEF, VARIABLE_DEF, RECORD_DEF,
+                    COMPACT_CTOR_DEF"/>
+            <property name="allowNoEmptyLineBetweenFields" value="true"/>
+        </module>
+        <module name="SeparatorWrap">
+            <property name="id" value="SeparatorWrapDot"/>
+            <property name="tokens" value="DOT"/>
+            <property name="option" value="nl"/>
+        </module>
+        <module name="SeparatorWrap">
+            <property name="id" value="SeparatorWrapComma"/>
+            <property name="tokens" value="COMMA"/>
+            <property name="option" value="EOL"/>
+        </module>
+
+        <module name="CustomImportOrder">
+            <property name="sortImportsInGroupAlphabetically" value="true"/>
+            <property name="separateLineBetweenGroups" value="true"/>
+            <property name="customImportOrderRules" value="STATIC###THIRD_PARTY_PACKAGE"/>
+            <property name="tokens" value="IMPORT, STATIC_IMPORT, PACKAGE_DEF"/>
+        </module>
+        <module name="MethodParamPad">
+            <property name="tokens"
+                      value="CTOR_DEF, LITERAL_NEW, METHOD_CALL, METHOD_DEF,
+                    SUPER_CTOR_CALL, ENUM_CONSTANT_DEF, RECORD_DEF"/>
+        </module>
+        <module name="NoWhitespaceBefore">
+            <property name="tokens"
+                      value="COMMA, SEMI, POST_INC, POST_DEC, DOT,
+                    LABELED_STAT, METHOD_REF"/>
+            <property name="allowLineBreaks" value="true"/>
+        </module>
+        <module name="ParenPad"/>
+        <module name="AnnotationLocation">
+            <property name="allowSamelineMultipleAnnotations" value="false"/>
+            <property name="allowSamelineSingleParameterlessAnnotation" value="false"/>
+            <property name="allowSamelineParameterizedAnnotation" value="false"/>
+        </module>
+        <module name="AbbreviationAsWordInName"/>
+        <module name="UnusedLocalVariable"/>
+    </module>
+</module>