From 89dd47594707c6757aaeb839ad3510df0a0222ec Mon Sep 17 00:00:00 2001
From: Andreas Pfeil
Date: Tue, 28 Jan 2025 13:51:01 +0100
Subject: [PATCH] feat: permit access to actuators (but only as configured)
Provides a sane default (info and health) for local use and docker.
---
 config/application-default.properties | 5 ++++-
 config/application-docker.properties | 5 ++++-
 .../kit/datamanager/pit/configuration/WebSecurityConfig.java | 2 ++
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/config/application-default.properties b/config/application-default.properties
index bd0c425f..7454a950 100644
--- a/config/application-default.properties
+++ b/config/application-default.properties
@@ -44,7 +44,7 @@ spring.servlet.multipart.max-request-size: 100MB
 management.endpoint.health.access: unrestricted
 management.endpoint.health.show-details: ALWAYS
 management.endpoint.health.sensitive: false
-management.endpoints.web.exposure.include: *
+management.endpoints.web.exposure.include: health, info
 ###############
 ### Logging ###
@@ -106,6 +106,7 @@ spring.autoconfigure.exclude=org.keycloak.adapters.springboot.KeycloakAutoConfig
 # enables search endpoint at /api/v1/search
 repo.search.enabled: false
 repo.search.index: *
+# only enable if endpoint is enabled:
 management.health.elasticsearch.enabled: false
 # TO BE REMOVED!
@@ -132,6 +133,8 @@ spring.cloud.gateway.proxy.sensitive=content-length
 # exchange aka. topic and the queue. The routingKeys are defining wich messages are
 # routed to the aforementioned queue.
 repo.messaging.enabled: false
+# enables report via health actuator. Only activate if messaging is enabled.
+management.health.rabbit.enabled: false
 repo.messaging.hostname: localhost
 repo.messaging.port: 5672
 repo.messaging.sender.exchange: record_events
diff --git a/config/application-docker.properties b/config/application-docker.properties
index e6b3b654..d8c92b87 100644
--- a/config/application-docker.properties
+++ b/config/application-docker.properties
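Review bot: `management.endpoint.health.show-details: ALWAYS` stays on the context line of the `-44,7` hunk while this patch opens `/actuator/**` with `permitAll()` in WebSecurityConfig.java, so anonymous callers would presumably receive the full per-component health output rather than only the aggregate status. Consider `management.endpoint.health.show-details: when-authorized`, which keeps the status public and reserves the details for authenticated requests. The `-44,7` hunk of config/application-docker.properties has the same combination. The new comment `# only enable if endpoint is enabled:` in the `-106,6` hunk would also be clearer if it named the setting it depends on, apparently `repo.search.enabled`.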
@@ -44,7 +44,7 @@ spring.servlet.multipart.max-request-size: 100MB
 management.endpoint.health.enabled: true
 management.endpoint.health.show-details: ALWAYS
 management.endpoint.health.sensitive: false
-management.endpoints.web.exposure.include: *
+management.endpoints.web.exposure.include: health, info
 ###############
 ### Logging ###
@@ -106,6 +106,7 @@ spring.autoconfigure.exclude=org.keycloak.adapters.springboot.KeycloakAutoConfig
 # enables search endpoint at /api/v1/search
 repo.search.enabled: false
 repo.search.index: *
+# only enable if endpoint is enabled:
 management.health.elasticsearch.enabled: false
 # TO BE REMOVED!
@@ -132,6 +133,8 @@ spring.cloud.gateway.proxy.sensitive=content-length
 # exchange aka. topic and the queue. The routingKeys are defining wich messages are
 # routed to the aforementioned queue.
 repo.messaging.enabled: false
+# enables report via health actuator. Only activate if messaging is enabled.
+management.health.rabbit.enabled: false
 repo.messaging.hostname: localhost
 repo.messaging.port: 5672
 repo.messaging.sender.exchange: record_events
diff --git a/src/main/java/edu/kit/datamanager/pit/configuration/WebSecurityConfig.java b/src/main/java/edu/kit/datamanager/pit/configuration/WebSecurityConfig.java
index 7edb355a..8ac91e0c 100644
--- a/src/main/java/edu/kit/datamanager/pit/configuration/WebSecurityConfig.java
+++ b/src/main/java/edu/kit/datamanager/pit/configuration/WebSecurityConfig.java
@@ -77,6 +77,8 @@ protected SecurityFilterChain filterChain(HttpSecurity http, Logger logger) thro
 .requestMatchers(HttpMethod.GET, "/swagger-ui.html").permitAll()
 .requestMatchers(HttpMethod.GET, "/swagger-ui/**").permitAll()
 .requestMatchers(HttpMethod.GET, "/v3/**").permitAll()
+ // permit access to actuator endpoints
+ .requestMatchers("/actuator/**").permitAll()
 // only the actual API is protected
 .requestMatchers("/api/v1/**").authenticated()
 )
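Review bot: The added `.requestMatchers("/actuator/**").permitAll()` in the WebSecurityConfig.java hunk covers every actuator endpoint and every HTTP method, so the only remaining control is `management.endpoints.web.exposure.include`; a deployment that sets it back to `*` or lists further endpoints would serve them without authentication. The Swagger matchers just above are limited to `HttpMethod.GET`, and the same narrowing fits here: `.requestMatchers(HttpMethod.GET, "/actuator/health/**", "/actuator/info").permitAll()` followed by `.requestMatchers("/actuator/**").authenticated()`. The added comment could then state which endpoints are public and why. The `filterChain` body starts and ends outside this hunk, so any fallback rule for unmatched requests is not visible here.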