diff --git a/README_did_web.md b/README_did_web.md
index c4dedea96..4acd400b1 100644
--- a/README_did_web.md
+++ b/README_did_web.md
@@ -56,34 +56,36 @@ Currently the minimum is 80%
## Environment Variables
-| name | description | default value |
-|------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
-| APPLICATION_PORT | port number of application | 8080 |
-| APPLICATION_ENVIRONMENT | Environment of the application ie. local, dev, int and prod | local |
-| DB_HOST | Database host | localhost |
-| DB_PORT | Port of database | 5432 |
-| DB_NAME | Database name | miw |
-| USE_SSL | Whether SSL is enabled in database server | false |
-| DB_USER_NAME | Database username | |
-| DB_PASSWORD | Database password | |
-| DB_POOL_SIZE | Max number of database connection acquired by application | 10 |
-| KEYCLOAK_MIW_PUBLIC_CLIENT | Only needed if we want enable login with keyalock in swagger | miw_public |
-| MANAGEMENT_PORT | Spring actuator port | 8090 |
-| MIW_HOST_NAME | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN | localhost |
-| ENCRYPTION_KEY | encryption key used to encrypt and decrypt private and public key of wallet | |
-| AUTHORITY_WALLET_BPN | base wallet BPN number | BPNL000000000000 |
-| AUTHORITY_WALLET_NAME | Base wallet name | Catena-X |
-| AUTHORITY_WALLET_DID | Base wallet web did | web:did:host:BPNL000000000000 |
-| VC_SCHEMA_LINK | Comma separated list of VC schema URL | https://www.w3.org/2018/credentials/v1, https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData |
-| VC_EXPIRY_DATE | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025 |
-| KEYCLOAK_REALM | Realm name of keycloak | miw_test |
-| KEYCLOAK_CLIENT_ID | Keycloak private client id | |
-| AUTH_SERVER_URL | Keycloak server url | |
-| SUPPORTED_FRAMEWORK_VC_TYPES | Supported framework VC, provide values ie type1=value1,type2=value2 | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
-| | | |
+| name | description | default value |
+|---------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| APPLICATION_PORT | port number of application | 8080 |
+| APPLICATION_ENVIRONMENT | Environment of the application ie. local, dev, int and prod | local |
+| DB_HOST | Database host | localhost |
+| DB_PORT | Port of database | 5432 |
+| DB_NAME | Database name | miw |
+| USE_SSL | Whether SSL is enabled in database server | false |
+| DB_USER_NAME | Database username | |
+| DB_PASSWORD | Database password | |
+| DB_POOL_SIZE | Max number of database connection acquired by application | 10 |
+| KEYCLOAK_MIW_PUBLIC_CLIENT | Only needed if we want enable login with keyalock in swagger | miw_public |
+| MANAGEMENT_PORT | Spring actuator port | 8090 |
+| MIW_HOST_NAME | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN | localhost |
+| ENCRYPTION_KEY | encryption key used to encrypt and decrypt private and public key of wallet | |
+| AUTHORITY_WALLET_BPN | base wallet BPN number | BPNL000000000000 |
+| AUTHORITY_WALLET_NAME | Base wallet name | Catena-X |
+| AUTHORITY_WALLET_DID | Base wallet web did | web:did:host:BPNL000000000000 |
+| VC_SCHEMA_LINK | Comma separated list of VC schema URL | https://www.w3.org/2018/credentials/v1, https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData |
+| VC_EXPIRY_DATE | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025 |
+| KEYCLOAK_REALM | Realm name of keycloak | miw_test |
+| KEYCLOAK_CLIENT_ID | Keycloak private client id | |
+| AUTH_SERVER_URL | Keycloak server url | |
+| SUPPORTED_FRAMEWORK_VC_TYPES | Supported framework VC, provide values ie type1=value1,type2=value2 | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
+| ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution | true |
+| | | |
## Reference
1. https://www.testcontainers.org/modules/databases/postgres/
2. https://github.com/dasniko/testcontainers-keycloak
3. https://github.com/smartSenseSolutions/smartsense-java-commons
+4. https://github.com/catenax-ng/product-lab-ssi
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ExceptionHandling.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ExceptionHandling.java
index ad68fb276..5d5c22882 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ExceptionHandling.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ExceptionHandling.java
@@ -43,7 +43,7 @@ public class ExceptionHandling extends ResponseEntityExceptionHandler {
public static final String TIMESTAMP = "timestamp";
/**
- * Handle wallet not found problem problem detail.
+ * Handle wallet not found problem detail.
*
* @param e the e
* @return the problem detail
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java
index 7209adde0..ad1dcc6dc 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java
@@ -34,5 +34,6 @@
public record MIWSettings(String host, String encryptionKey, String authorityWalletBpn, String authorityWalletDid,
String authorityWalletName,
List vcContexts, @DateTimeFormat(pattern = "dd-MM-yyyy") Date vcExpiryDate,
- String supportedFrameworkVCTypes) {
+ String supportedFrameworkVCTypes,
+ boolean enforceHttps) {
}
\ No newline at end of file
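Review bot: The new `boolean enforceHttps` component is a primitive, so if this record is bound from configuration properties (the binding annotation is outside the hunk) a missing property would resolve to `false` and HTTPS enforcement during did:web resolution would be off without any signal. The README in this same commit documents the default as `true`, so the type itself should carry that default rather than relying on every deployment's property file. Assuming Spring Boot constructor binding, declare it as `@DefaultValue("true") boolean enforceHttps`. A short comment on the record stating that disabling it is meant for local testing only would also help.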
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java
index 313cb49a9..b8a0c497f 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java
@@ -58,7 +58,7 @@ public OpenAPI openAPI() {
info.setDescription("MIW API");
info.setVersion("0.0.1");
OpenAPI openAPI = new OpenAPI();
- if (properties.enabled()) {
+ if (Boolean.TRUE.equals(properties.enabled())) {
openAPI = enableSecurity(openAPI);
}
return openAPI.info(info);
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java
index c094adfa8..d02c5ad2e 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java
@@ -27,11 +27,9 @@
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+import org.springframework.util.CollectionUtils;
-import java.util.Collection;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
+import java.util.*;
import java.util.stream.Collectors;
/**
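Review bot: The four explicit `java.util` imports are collapsed into `import java.util.*;`, which hides which types the class depends on and can make a later name clash resolve silently. Going by the second hunk of this file, only `HashSet` and `Collections` are newly needed, so `import java.util.Collections;` and `import java.util.HashSet;` can be added next to the existing explicit imports. `Objects` and `Set` are not used in the visible hunks, so whether they are still needed has to be checked against the rest of the file.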
@@ -54,12 +52,15 @@ public CustomAuthenticationConverter(String resourceId) {
@Override
public AbstractAuthenticationToken convert(Jwt source) {
- Collection authorities = (grantedAuthoritiesConverter.convert(source))
- .stream()
- .collect(Collectors.toSet());
- authorities.addAll(extractResourceRoles(source, resourceId));
- extractResourceRoles(source, resourceId);
- return new JwtAuthenticationToken(source, authorities);
+ Collection convert = grantedAuthoritiesConverter.convert(source);
+ if (!CollectionUtils.isEmpty(convert)) {
+ Collection authorities = new HashSet<>(convert);
+ authorities.addAll(extractResourceRoles(source, resourceId));
+ extractResourceRoles(source, resourceId);
+ return new JwtAuthenticationToken(source, authorities);
+ } else {
+ return new JwtAuthenticationToken(source, Collections.emptyList());
+ }
}
private Collection extends GrantedAuthority> extractResourceRoles(Jwt jwt, String resourceId) {
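Review bot: In `convert`, the new `else` branch returns a token with no authorities whenever `grantedAuthoritiesConverter.convert(source)` is null or empty, so the roles from `extractResourceRoles(source, resourceId)` are never added on that path. A JWT that carries resource roles but no scope claim would then be authenticated with an empty authority set and fail every role check. The bare `extractResourceRoles(source, resourceId);` statement carried over from the old code discards its result and can be dropped. Building the set first and adding both sources keeps the null guard without losing the roles; the generic parameters below are assumed, because the page shows the types with their angle brackets stripped.

```java
public AbstractAuthenticationToken convert(Jwt source) {
    Collection<GrantedAuthority> authorities = new HashSet<>();
    Collection<GrantedAuthority> scopeAuthorities = grantedAuthoritiesConverter.convert(source);
    if (!CollectionUtils.isEmpty(scopeAuthorities)) {
        authorities.addAll(scopeAuthorities);
    }
    // Resource roles are added whether or not the token carried scope authorities.
    authorities.addAll(extractResourceRoles(source, resourceId));
    return new JwtAuthenticationToken(source, authorities);
}
```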
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java
index bed7f77d0..851959892 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java
@@ -152,6 +152,6 @@ public ResponseEntity