ministryofjustice / prison-api
API for Nomis DB used by DPS applications and other apis and services
Home Page: https://api.prison.service.justice.gov.uk/swagger-ui.html
License: MIT License
Hi there
The user emileswarts had Direct Member access to this repository and access via a team.
Access is now only via a team.
You may have less access; it is dependent upon the team's access to the repo.
If you have any questions, please post in #ask-operations-engineering on Slack.
This issue can be closed.
I'm on a non-ministryofjustice team. Our project will be consuming resources from the prison-api.
My job is to report to my team the answers to these questions:
The Open Source Initiative mentions the word „license“ in nine of the ten numbered parts of its Open Source Definition:
1. Free Redistribution
   The license shall not restrict any party...
2. Source Code
   [not mentioned]
3. Derived Works
   The license must allow modifications and derived works...
4. Integrity of The Author's Source Code
   The license may restrict source-code from being distributed in modified form only if...
5. No Discrimination Against Persons or Groups
   The license must not discriminate against any person or group of persons...
6. No Discrimination Against Fields of Endeavor
   The license must not restrict anyone from making use of the program in a specific field...
7. Distribution of License
   ...redistributed without the need for execution of an additional license...
8. License Must Not Be Specific to a Product
   ...within the terms of the program's license...
9. License Must Not Restrict Other Software
   The license must not place restrictions on other software...
10. License Must Be Technology-Neutral
    No provision of the license may be predicated on any individual technology or style of interface...
However, the prison-api project doesn't have a license included or mentioned anywhere in it. My team and I are curious to understand what that means from a practical standpoint.
How does the prison-api specify hmpps-auth as its OAuth 2.0 authorization server? Where exactly in the code or configuration files I mean?
Or if you're doing it by Spring Security's auto-configuration, can you share a link to the Spring Security documentation that describes that auto-configuration? Please? I've Googled. But I couldn't find anything.
I'm aware of a few different ways provided by Spring Security for a resource server to configure what authorization server it will delegate OAuth 2.0 authorization to.
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://idp.example.com/issuer
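import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Require authentication for every request and validate bearer JWTs
        // against keys fetched from the configured JWK Set URI.
        http
            .authorizeRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt
                    .jwkSetUri("https://idp.example.com/.well-known/jwks.json")
                )
            );
    }
}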
I can't see anywhere in any prison-api file where the authorization server is set. Apart from these dev profile configurations I found in the project:
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          public-key-location: classpath:local-public-key.pub
spring.security.oauth2.resourceserver.jwt.jwk-set-uri: http://localhost:9090/auth/.well-known/jwks.json
Thank you in advance.
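An added example, not part of the original post or of the prison-api project: a Python script that flattens Spring configuration in both forms quoted above (nested YAML and a dotted key) and reports which `spring.security.oauth2.resourceserver.jwt` key source is set, with what each one implies for token trust. The helper names `flatten` and `trust_anchors` are hypothetical, and the input is assumed to be plain nested mappings without lists or anchors.

```python
import re

PREFIX = "spring.security.oauth2.resourceserver.jwt."
MODES = ("issuer-uri", "jwk-set-uri", "public-key-location")
# Constructed input: the two dev-profile fragments quoted in the post above.
NESTED = """\
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          public-key-location: classpath:local-public-key.pub
"""
DOTTED = PREFIX + "jwk-set-uri: http://localhost:9090/auth/.well-known/jwks.json\n"

def flatten(text):
    """Flatten block-style YAML mappings (no lists or anchors) to dotted keys."""
    stack, out = [], {}
    for line in text.splitlines():
        m = re.match(r"^( *)([^:#\s][^:]*):(?:\s+(.*))?$", line.rstrip())
        if not m:
            continue  # blank lines, comments, anything not modelled here
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave deeper or sibling mappings
        stack.append((indent, key))
        if value:
            out[".".join(k for _, k in stack)] = value.strip("'\"")
    return out

def trust_anchors(props):
    """Return {mode: (value, [warnings])} for each JWT key source configured."""
    result = {}
    for key, value in props.items():
        mode = key[len(PREFIX):] if key.startswith(PREFIX) else None
        if mode not in MODES:
            continue
        warnings = []
        if mode != "public-key-location" and not value.startswith("https://"):
            warnings.append("keys fetched without TLS")
        if mode == "jwk-set-uri" and PREFIX + "issuer-uri" not in props:
            warnings.append("iss claim not validated (no issuer-uri)")
        if mode == "public-key-location":
            warnings.append("static key, no authorization server contacted")
        result[mode] = (value, warnings)
    return result

if __name__ == "__main__":
    print([trust_anchors(flatten(f)) for f in (NESTED, DOTTED)])
```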
Hi there
The user bjpirt had Direct Member access to this repository and access via a team.
Access is now only via a team.
You may have less access; it is dependent upon the team's access to the repo.
If you have any questions, please post in #ask-operations-engineering on Slack.
This issue can be closed.
Hi there
The default branch protection setting called codeowners require review is not enabled for this repository.
This option affects a pull request, i.e. a PR will need to be reviewed and approved by a CODEOWNER before it can be merged.
See repository settings/Branches/Branch protection rules
Either add a new Branch protection rule or edit the existing branch protection rule and select the Require review from Code Owners option.
Create a .github/CODEOWNERS file
Add one or multiple entries of @ministryofjustice/team_name to the CODEOWNERS file
The team_name shall be a team from within the MoJ teams: https://github.com/orgs/ministryofjustice/teams
See GH Codeowners documentation: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
See the repository standards: https://github.com/ministryofjustice/github-repository-standards
See the report: https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/github_repositories
Please contact Operations Engineering on Slack #ask-operations-engineering, if you need any assistance
When the /api/offenders/{offenderNo} endpoint is called, an OFFENDER_BOOKINGS record should be created in persistent storage.
The system fails to create the OFFENDER_BOOKINGS record (full stack trace)...
...
org.springframework.dao.InvalidDataAccessApiUsageException: The given id must not be null!; nested exception is java.lang.IllegalArgumentException: The given id must not be null!
...
Caused by: java.lang.IllegalArgumentException: The given id must not be null!
at org.springframework.util.Assert.notNull(Assert.java:201)
at org.springframework.data.jpa.repository.support.SimpleJpaRepository.findById(SimpleJpaRepository.java:297)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:567)
at org.springframework.data.repository.core.support.RepositoryMethodInvoker$RepositoryFragmentMethodInvoker.lambda$new$0(RepositoryMethodInvoker.java:289)
at org.springframework.data.repository.core.support.RepositoryMethodInvoker.doInvoke(RepositoryMethodInvoker.java:137)
at org.springframework.data.repository.core.support.RepositoryMethodInvoker.invoke(RepositoryMethodInvoker.java:121)
at org.springframework.data.repository.core.support.RepositoryComposition$RepositoryFragments.invoke(RepositoryComposition.java:529)
at org.springframework.data.repository.core.support.RepositoryComposition.invoke(RepositoryComposition.java:285)
at org.springframework.data.repository.core.support.RepositoryFactorySupport$ImplementationMethodExecutionInterceptor.invoke(RepositoryFactorySupport.java:599)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.data.repository.core.support.QueryExecutorMethodInterceptor.doInvoke(QueryExecutorMethodInterceptor.java<===========--> 87% EXECUTING [5h 31m 35s]
at org.springframework.data.repository.core.support.QueryExecutorMethodInterceptor.invoke(QueryExecutorMethodInterceptor.java:13
...
I am an external developer of a non-DPS system. My application is specified to consume API endpoints exposed by this project. My application will be authorized by HMPPS Auth using the OAuth 2.0 Client Credentials grant.
While stepping through the debugger during investigation of a separate, unrelated issue, I had observed that Spring Security refers to the security principal as "AnonymousUser" during the OAuth 2.0 Client Credentials grant flow.
Assuming that an "AnonymousUser" would not have a user name, then the following two lines are reasonable suspects for the root cause of the reported "The given id must not be null" error...
(username = ((UserDetails) userPrincipal).getUsername();)
staffUserAccountRepository.findById(currentUsername)
/api/offenders/{offenderNo} endpoint with a JWT access token issued by HMPPS Auth for an OAuth 2.0 Client Credentials grant.
When the /api/offenders/ endpoint is called, an OFFENDERS record should be created in persistent storage.
The system fails to create the OFFENDERS record...
...
Hibernate: insert into offenders (create_datetime, create_user_id, modify_datetime, modify_user_id, audit_additional_info, audit_client_ip_address, audit_client_user_id, audit_client_workstation_name, audit_module_name, audit_timestamp, audit_user_id, birth_date, caseload_type, create_date, race_code, first_name, sex_code, id_source_code, last_name, last_name_alpha_key, last_name_key, last_name_soundex, middle_name, middle_name_2, name_sequence, offender_id_display, root_offender_id, suffix, title, offender_id) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
...
org.springframework.dao.DataIntegrityViolationException: could not execute statement; SQL [n/a]; constraint [null]; nested exception is org.hibernate.exception.ConstraintViolationException: could not execute statement
at org.springframework.orm.jpa.vendor.HibernateJpaDialect.convertHibernateAccessException(HibernateJpaDialect.java:276)
...
Caused by: org.hsqldb.HsqlException: integrity constraint violation: NOT NULL check constraint; SYS_CT_10479 table: OFFENDERS column: CREATE_USER_ID
at org.hsqldb.error.Error.error(Unknown Source)
at org.hsqldb.Table.enforceRowConstraints(Unknown Source)
at org.hsqldb.Table.generateAndCheckData(Unknown Source)
at org.hsqldb.Table.insertSingleRow(Unknown Source)
at org.hsqldb.StatementDML.insertSingleRow(Unknown Source)
at org.hsqldb.StatementInsert.getResult(Unknown Source)
at org.hsqldb.StatementDMQL.execute(Unknown Source)
at org.hsqldb.Session.executeCompiledStatement(Unknown Source)
at org.hsqldb.Session.execute(Unknown Source)
... 175 common frames omitted
The DDL for the CREATE_USER_ID column is...
...
CREATE_USER_ID VARCHAR2(40) DEFAULT USER NOT NULL
...
/api/offenders/ endpoint (see also OffenderResource#createPrisoner).