unauthenticated swagger-ui on- server-port and proper security filter integration into Spring Security (#163)

Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/163 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
2025-03-17 12:59:50 +01:00
parent a2b81f009b
commit 5ca0638319
43 changed files with 406 additions and 177 deletions
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -17,7 +17,7 @@ management:
                # HOWTO: view the effective application configuration properties:
                #   http://localhost:8081/actuator/configprops

-                include: info, health, metrics, metric-links, mappings, openapi, swaggerui, configprops, env
+                include: info, health, metrics, metric-links, mappings, openapi, configprops, env
    endpoint:
        env:
            # TODO.spec: check this, maybe set to when_authorized?
@@ -37,6 +37,11 @@ spring:
        url: ${HSADMINNG_POSTGRES_JDBC_URL}
        username: postgres

+    data:
+        rest:
+            # do NOT implicilty expose SpringData repositories as REST-controllers
+            detection-strategy: annotated
+
    sql:
        init:
            mode: never
@@ -49,10 +54,6 @@ spring:
    liquibase:
        contexts: ${spring.profiles.active}

-# keep this in sync with test/.../application.yml
-springdoc:
-    use-management-port: true
-
 hsadminng:
    postgres:
        leakproof:
@@ -66,3 +67,9 @@ metrics:
            http:
                server:
                    requests: true
+
+logging:
+    level:
+        org:
+            springframework:
+                security: TRACE