read hashed password from config

ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/config/ActuatorSecurity.java

@@ -10,13 +10,11 @@
 
 package ch.admin.bag.covidcertificate.backend.verifier.ws.config;
 
-import ch.admin.bag.covidcertificate.backend.verifier.ws.config.configbeans.ActuatorSecurityConfig;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.actuate.health.HealthEndpoint;
 import org.springframework.boot.actuate.info.InfoEndpoint;
 import org.springframework.boot.actuate.logging.LoggersEndpoint;
 import org.springframework.boot.actuate.metrics.export.prometheus.PrometheusScrapeEndpoint;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.core.Ordered;
@@ -40,10 +38,6 @@ public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
   @Value("${ws.monitor.prometheus.password}")
   private String password;
 
-  @Bean
-  ActuatorSecurityConfig passwordDefault() {
-    return new ActuatorSecurityConfig(user, password);
-  }
 
   @Override
   protected void configure(HttpSecurity http) throws Exception {
@@ -75,11 +69,12 @@ protected void configure(HttpSecurity http) throws Exception {
     http.csrf().ignoringAntMatchers("/actuator/loggers/**");
   }
 
-  protected void configureGlobal(
-      AuthenticationManagerBuilder auth, ActuatorSecurityConfig securityConfig) throws Exception {
+  @Override
+  protected void configure(
+      AuthenticationManagerBuilder auth) throws Exception {
     auth.inMemoryAuthentication()
-        .withUser(securityConfig.getUsername())
-        .password(securityConfig.getPassword())
+        .withUser(user)
+        .password(password)
         .roles(PROMETHEUS_ROLE);
   }
 }

ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/test/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/ApiKeyAuthenticationTest.java

@@ -31,7 +31,7 @@
 @SpringBootTest(
         properties = {
             "ws.monitor.prometheus.user=prometheus",
-            "ws.monitor.prometheus.password=prometheus",
+            "ws.monitor.prometheus.password={bcrypt}$2y$10$umg27y0QSdCFuCBP6ibxdeR3CssS7TD5GjjikcLi5sUG1uSK9qe/.",
             "management.endpoints.enabled-by-default=true",
             "management.endpoints.web.exposure.include=*",
             "ws.authentication.apiKeys.unit-test=4d1d5663-b4ef-46a5-85b6-3d1d376429da"
@@ -74,6 +74,30 @@ public void testAuthentication() throws Exception {
         }
     }
 
+    @Test
+    public void testActuatorSecurity() throws Exception {
+        var response =
+                mockMvc.perform(get("/actuator/health"))
+                        .andExpect(status().is2xxSuccessful())
+                        .andReturn()
+                        .getResponse();
+        response =
+                mockMvc.perform(get("/actuator/loggers"))
+                        .andExpect(status().is(401))
+                        .andReturn()
+                        .getResponse();
+        response =
+                mockMvc.perform(
+                                get("/actuator/loggers")
+                                        .header(
+                                                "Authorization",
+                                                "Basic cHJvbWV0aGV1czpwcm9tZXRoZXVz"))
+                        .andExpect(status().isOk())
+                        .andReturn()
+                        .getResponse();
+    }
+
+
     private void testAuthenticationForEndpoint(String url) throws Exception {
         LOGGER.info("testing authentication for endpoint: {}", url);