working hasGlobalAdminRole and prepare for Micrometer metrics with Spring Security (#127)

Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/127 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
2024-12-03 12:39:19 +01:00
parent 88e0adcea7
commit d06512f0a0
41 changed files with 336 additions and 55 deletions
--- a/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java
+++ b/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java
@ -0,0 +1,26 @@
+package net.hostsharing.hsadminng.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig {
+
+    @Bean
+    @Profile("!test")
+    public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
+        return http
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/api/**").permitAll() // TODO.impl: implement authentication
+                        .requestMatchers("/actuator/**").permitAll()
+                        .anyRequest().authenticated()
+                )
+                .build();
+    }
+
+}
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -1,6 +1,15 @@
 server:
    port : 8080

+management:
+    server:
+        port: 8081
+        address: 127.0.0.1
+    endpoints:
+        web:
+            exposure:
+                include: info, health, metrics
+
 spring:

    datasource:
--- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
+++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
@ -46,15 +46,15 @@ create or replace function rbac.hasGlobalAdminRole()
    stable -- leakproof
    language plpgsql as $$
 declare
-    currentSubjectOrAssumedRolesUuids text;
+    assumedRoles text;
 begin
    begin
-        currentSubjectOrAssumedRolesUuids := current_setting('hsadminng.currentSubjectOrAssumedRolesUuids');
+        assumedRoles := current_setting('hsadminng.assumedRoles');
    exception
        when others then
-            currentSubjectOrAssumedRolesUuids := null;
+            assumedRoles := null;
    end;
-    return  currentSubjectOrAssumedRolesUuids is null or length(currentSubjectOrAssumedRolesUuids) = 0;
+    return TRIM(COALESCE(assumedRoles, '')) = '' and rbac.isGlobalAdmin();
 end; $$;
 --//