From c34081771fcd4cea58cd34266d918c2c2a05ff69 Mon Sep 17 00:00:00 2001
From: pierresomny
Date: Tue, 6 Feb 2024 10:57:31 +0100
Subject: [PATCH] feat: Add conditional security configuration based on application property

Add a conditional configuration to `SecurityConfiguration` class based on the value of the `spring.security.enabled` property. If security is enabled, configure the application with a resource server using Spring Security, allowing access to Swagger UI endpoints without authentication and requiring authentication for other requests. If security is disabled, authorize all requests without requiring authentication.

Signed-off-by: pierresomny
---
 .../configuration/SecurityConfiguration.java | 39 +++++++++++++------
 src/main/resources/application.properties | 3 +-
 2 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/src/main/java/com/sfeiropensource/schoolapp/configuration/SecurityConfiguration.java b/src/main/java/com/sfeiropensource/schoolapp/configuration/SecurityConfiguration.java
index 49a31d1..0ef66db 100644
--- a/src/main/java/com/sfeiropensource/schoolapp/configuration/SecurityConfiguration.java
+++ b/src/main/java/com/sfeiropensource/schoolapp/configuration/SecurityConfiguration.java
@@ -1,5 +1,6 @@
 package com.sfeiropensource.schoolapp.configuration;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
@@ -12,19 +13,35 @@
 @Configuration
 public class SecurityConfiguration {
+ @Value("${spring.security.enabled:#{true}")
+ private String securityEnabled;
+
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- http
- .csrf(AbstractHttpConfigurer::disable)
- .cors(cors -> cors.configure(http))
- .authorizeHttpRequests(authorize -> authorize
- .requestMatchers(
- antMatcher("/v3/api-docs/**"),
- antMatcher("/swagger-ui/**")
- ).permitAll()
- .anyRequest().permitAll()
- )
- .oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()));
+ // If security is enabled.
+ if (Boolean.parseBoolean(securityEnabled)) {
+ // Set-up has a resource server with spring security.
+ http
+ .csrf(AbstractHttpConfigurer::disable)
+ .cors(cors -> cors.configure(http))
+ .authorizeHttpRequests(authorize -> authorize
+ // Authorize swagger freely
+ .requestMatchers(
+ antMatcher("/v3/api-docs/**"),
+ antMatcher("/swagger-ui/**")
+ ).permitAll()
+ // And other requests authenticated.
+ .anyRequest().authenticated()
+ )
+ .oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()));
+
+ } else {
+ // Else, authorize all request.
+ http
+ .csrf(AbstractHttpConfigurer::disable)
+ .cors(cors -> cors.configure(http))
+ .authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll());
+ }
 return http.build();
 }
 }
\ No newline at end of file
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 6b4fce6..0cb4988 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,4 +1,5 @@
 info.api.title=@project.name@
 info.api.version=@project.version@
 info.api.description=@project.description@
-management.endpoint.shutdown.enabled=true
\ No newline at end of file
+management.endpoint.shutdown.enabled=true
+spring.security.enabled=true
\ No newline at end of file
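Review bot: The placeholder in `@Value("${spring.security.enabled:#{true}")` is missing its closing brace, since the only `}` closes the inner `#{true}`, so the property is probably never resolved and the field receives leftover literal text (exact behaviour depends on the Spring version). `Boolean.parseBoolean` returns false for every string other than "true", so an unresolved or mistyped value silently selects the `permitAll()` branch and the API starts without authentication. Binding a typed field keeps the default secure and makes an invalid value fail at startup: `@Value("${spring.security.enabled:true}") private boolean securityEnabled;` with `if (securityEnabled) {`. A warning logged in the else branch would also make an unauthenticated deployment visible in the logs, and a test asserting that a protected endpoint rejects anonymous requests under default properties would catch a regression here.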
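Review bot: `spring.security.enabled` is an application-defined switch placed under the framework's `spring.` prefix; as far as I know Spring Boot itself does not read it, so the name can be mistaken for a supported setting. An application-prefixed key (for example `schoolapp.security.enabled=true`, a suggested name) with a comment such as `# false disables authentication for every endpoint; local development only` would make the risk explicit. This file also keeps `management.endpoint.shutdown.enabled=true`. Whether that endpoint is exposed over HTTP is not visible in this diff, but if it is, the disabled branch of `filterChain` would leave it reachable without authentication.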