Add fine-granular meta model relations with low-code template support

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/workflows/ci.yml

@@ -9,6 +9,10 @@ on:
     branches:
       - main
       - develop
+  push:
+    branches:
+      - main
+      - develop
   # nightly
   schedule:
     - cron: "0 3 * * *"
@@ -39,7 +43,7 @@ jobs:
           --batch-mode
           --update-snapshots
           --no-transfer-progress
-          
+
       - name: Stage build results (Unix)
         run: mkdir staging-ubuntu-latest && find . -path '*/target/*.jar' -exec cp {} staging-ubuntu-latest/ \;
 
@@ -52,7 +56,7 @@ jobs:
   sonar:
     name: SonarQube analysis
     runs-on: ubuntu-latest
-    needs: [verify]
+    needs: [ verify ]
     if: github.event_name == 'schedule' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')
     strategy:
       fail-fast: true

.gitignore

@@ -29,3 +29,5 @@ replay_pid*
 /builder/target/
 /app/target/
 /.vscode/
+
+opt/vitruv/work/

.vscode/settings.json

@@ -1,4 +1,9 @@
 {
   "java.configuration.updateBuildConfiguration": "automatic",
-  "java.compile.nullAnalysis.mode": "automatic"
+  "java.compile.nullAnalysis.mode": "automatic",
+  "java.configuration.annotationProcessing.enabled": true,
+  "maven.executable.path": "${workspaceFolder}/mvnw.cmd",
+  "maven.terminal.useJavaHome": true,
+  "files.encoding": "utf8",
+  "java.checkstyle.configuration": "${workspaceFolder}\\checkstyle.xml"
 }

README.md

@@ -23,6 +23,7 @@ using Docker Compose and the included realm template.
 - Build
 - Run (development)
 - Configuration
+- Dependency setup (REQUIRED)
 - Keycloak setup (REQUIRED)
     - Start Keycloak with Docker Compose
     - Import the provided realm (methodologist)
@@ -67,7 +68,8 @@ Run tests:
 ./mvnw test
 ```
 
-The runnable JAR will be created under `target/` (for example: `target/methodologist.jar`).
+Two runnable JARs will be created under `target/`.
+The `methodologist-build-jar-with-dependencies.jar` contains all dependencies.
 
 ---
 
@@ -76,7 +78,7 @@ The runnable JAR will be created under `target/` (for example: `target/methodolo
 Run the packaged JAR with a custom configuration directory:
 
 ```bash
-java -jar target/methodologist.jar --spring.config.location=file:/absolute/path/to/config/
+java -jar target/methodologist-build-jar-with-dependencies.jar --spring.config.location=file:/absolute/path/to/config/
 ```
 
 The directory provided to `spring.config.location` must contain `application.properties` or `application.yml`. Use
@@ -156,6 +158,14 @@ Adjust the structure above to match any additional modules in your clone.
 
 ---
 
+## Dependency setup (REQUIRED)
+
+The backend requires multiple jar files to be placed at specific configurable locations manually.
+- The `methodologist-build-jar-with-dependencies.jar` generated during build must be renamed to `methodologist-build.jar` and must be placed at the property path `builder.jarPath` manually.
+- The project requires a [vitruv-cli.jar](https://github.com/vitruv-tools/Vitruv-CLI), which must be built separately and placed at the property path `vitruv.cli.jar` manually.
+
+---
+
 ## Keycloak setup (REQUIRED)
 
 The backend requires a Keycloak server with a realm named `methodologist`. The repository includes a realm template at:
@@ -175,7 +185,7 @@ If a `docker-compose.yaml` is present at the project root and contains a `keyclo
 docker compose up -d keycloak
 ```
 
-After the container is running, open the Admin Console (typically `http://localhost:8080/`) and log in with the admin
+After the container is running, open the Admin Console (`http://localhost:7668/admin`) and log in with the admin
 credentials defined in the compose file.
 
 #### Import the `methodologist` realm via the Admin Console
@@ -189,7 +199,7 @@ credentials defined in the compose file.
 Run Keycloak in development mode (example using Keycloak 20+ `start-dev` image):
 
 ```bash
-docker run --rm -p 8080:8080 \
+docker run --rm -p 7668:8080 \
   -e KEYCLOAK_ADMIN=admin \
   -e KEYCLOAK_ADMIN_PASSWORD=admin \
   quay.io/keycloak/keycloak:latest \
@@ -205,7 +215,7 @@ supported by your Keycloak image) to import the realm on first start. This behav
 and version. Example (pseudo):
 
 ```bash
-docker run --rm -p 8080:8080 \
+docker run --rm -p 7668:8080 \
   -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \
   -v $(pwd)/docker/keycloak/realm-template.json:/opt/keycloak/data/import/realm-template.json \
   -e KC_IMPORT=/opt/keycloak/data/import/realm-template.json \

app/pom.xml

@@ -166,7 +166,7 @@
         <dependency>
             <groupId>org.assertj</groupId>
             <artifactId>assertj-core</artifactId>
-            <version>3.27.3</version>
+            <version>3.27.7</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -185,6 +185,10 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.freemarker</groupId>
+            <artifactId>freemarker</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-websocket</artifactId>

app/src/main/java/tools/vitruv/methodologist/ResponseTemplateDto.java

@@ -5,11 +5,19 @@
 import lombok.Getter;
 import lombok.Setter;
 
+/**
+ * Generic DTO for API responses.
+ *
+ * @param <T> the type of the data contained in the response
+ */
 @Setter
 @Getter
 @Builder
 @AllArgsConstructor
 public class ResponseTemplateDto<T> {
+  /** The data returned in the response. */
   private T data;
+
+  /** A message providing additional information about the response. */
   private String message;
 }

app/src/main/java/tools/vitruv/methodologist/annotation/ReactionMetadata.java

@@ -0,0 +1,61 @@
+package tools.vitruv.methodologist.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/** Annotation to provide metadata for reactions. */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.FIELD, ElementType.TYPE})
+public @interface ReactionMetadata {
+  /**
+   * The name of the reaction or field.
+   *
+   * @return the name
+   */
+  String name() default "";
+
+  /**
+   * The description of the reaction or field.
+   *
+   * @return the description
+   */
+  String description() default "";
+
+  /**
+   * Whether the reaction or field should be hidden.
+   *
+   * @return true if hidden, false otherwise
+   */
+  boolean hide() default false;
+
+  // TODO: Add readonly property
+  /**
+   * The default string value.
+   *
+   * @return the default string value
+   */
+  String defaultStringValue() default "";
+
+  /**
+   * The default integer value.
+   *
+   * @return the default integer value
+   */
+  int defaultIntValue() default 0;
+
+  /**
+   * The default boolean value.
+   *
+   * @return the default boolean value
+   */
+  boolean defaultBooleanValue() default false;
+
+  /**
+   * The default double value.
+   *
+   * @return the default double value
+   */
+  double defaultDoubleValue() default 0.0;
+}

app/src/main/java/tools/vitruv/methodologist/apihandler/KeycloakApiHandler.java

@@ -2,7 +2,7 @@
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.PropertyNamingStrategy;
+import com.fasterxml.jackson.databind.PropertyNamingStrategies;
 import com.fasterxml.jackson.databind.annotation.JsonNaming;
 import java.time.Duration;
 import java.util.Map;
@@ -34,9 +34,16 @@
  */
 @Component
 public class KeycloakApiHandler {
+  /** The timeout for API responses in seconds. */
   public static final int RESPONSE_TIMEOUT_IN_SECONDS = 5;
+
+  /** The URL for posting token requests. */
   public static final String POST_TOKEN_URL = "/realms/methodologist/protocol/openid-connect/token";
+
+  /** The WebClient used for making API calls. */
   private final WebClient webClient;
+
+  /** The object mapper used for JSON serialization/deserialization. */
   private final ObjectMapper mapper = new ObjectMapper();
 
   @Value("${methodologist.keycloak.client-id}")
@@ -182,7 +189,7 @@ public KeycloakWebToken getAccessTokenByRefreshToken(String refreshToken) {
   /** DTO for token exchange request body parameters. */
   @Setter
   @Getter
-  @JsonNaming(PropertyNamingStrategy.SnakeCaseStrategy.class)
+  @JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
   public static class ExchangeTokenPostBody {
 
     /** DTO for token request body parameters. */
@@ -215,7 +222,7 @@ public ExchangeTokenPostBody(String subjectToken, String requestedSubject) {
   @Getter
   @Builder
   @AllArgsConstructor
-  @JsonNaming(PropertyNamingStrategy.SnakeCaseStrategy.class)
+  @JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
   public static class TokenPostBody {
     private String clientId;
     private String grantType;

app/src/main/java/tools/vitruv/methodologist/config/MethodSecurityConfiguration.java

@@ -0,0 +1,11 @@
+package tools.vitruv.methodologist.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+
+/** Configuration class for enabling method-level security. */
+@Configuration
+@Profile("!noauth")
+@EnableMethodSecurity(jsr250Enabled = true)
+public class MethodSecurityConfiguration {}

app/src/main/java/tools/vitruv/methodologist/config/SecurityConfiguration.java

@@ -4,8 +4,9 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -23,7 +24,6 @@
  */
 @Configuration
 @EnableWebSecurity
-@EnableMethodSecurity(jsr250Enabled = true, prePostEnabled = true)
 public class SecurityConfiguration {
 
   @Value("${allowed.origins:*}")
@@ -32,6 +32,28 @@ public class SecurityConfiguration {
   @Value("${allowed.headers:*}")
   private String allowedHeaders;
 
+  /**
+   * Dev-only security filter chain that permits all requests.
+   *
+   * @param http the {@link HttpSecurity} to configure
+   * @return the built {@link SecurityFilterChain}
+   * @throws Exception on configuration errors
+   */
+  @Bean
+  @Profile({"noauth"})
+  @Order(0)
+  public SecurityFilterChain devPermitAllSecurityFilterChain(HttpSecurity http) throws Exception {
+    return http.csrf(csrf -> csrf.disable())
+        .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+        .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+        .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
+        .oauth2ResourceServer(oauth2 -> oauth2.disable())
+        .httpBasic(basic -> basic.disable())
+        .formLogin(form -> form.disable())
+        .logout(logout -> logout.disable())
+        .build();
+  }
+
   /**
    * Defines the security filter chain:
    *
@@ -47,6 +69,7 @@ public class SecurityConfiguration {
    * @throws Exception on configuration errors
    */
   @Bean
+  @Profile("!noauth")
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     return http.csrf(csrf -> csrf.disable())
         .cors(cors -> cors.configurationSource(corsConfigurationSource()))

app/src/main/java/tools/vitruv/methodologist/exception/ErrorResponse.java

@@ -22,4 +22,6 @@ public class ErrorResponse {
   private String message;
 
   private String path;
+
+  private String stackTrace;
 }

app/src/main/java/tools/vitruv/methodologist/exception/FileAlreadyExistsException.java

@@ -1,8 +1,8 @@
 package tools.vitruv.methodologist.exception;
 
 /**
- * Exception thrown when a user attempts to upload a file that is already stored in the system.
- * This0 exception is used to prevent duplicate file storage for the same user.
+ * Exception thrown when a user attempts to upload a file that is already stored in the system. This
+ * exception is used to prevent duplicate file storage for the same user.
  */
 public class FileAlreadyExistsException extends RuntimeException {
   public static final String MESSAGE_TEMPLATE = "This file already exists.";