diff --git a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/config/ActuatorSecurity.java b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/config/ActuatorSecurity.java
index ec6f35d5..95b97fe7 100644
--- a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/config/ActuatorSecurity.java
+++ b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/config/ActuatorSecurity.java
@@ -10,13 +10,11 @@
 package ch.admin.bag.covidcertificate.backend.verifier.ws.config;
-import ch.admin.bag.covidcertificate.backend.verifier.ws.config.configbeans.ActuatorSecurityConfig;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.actuate.health.HealthEndpoint;
 import org.springframework.boot.actuate.info.InfoEndpoint;
 import org.springframework.boot.actuate.logging.LoggersEndpoint;
 import org.springframework.boot.actuate.metrics.export.prometheus.PrometheusScrapeEndpoint;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.core.Ordered;
@@ -40,10 +38,6 @@ public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
 @Value("${ws.monitor.prometheus.password}")
 private String password;
- @Bean
- ActuatorSecurityConfig passwordDefault() {
- return new ActuatorSecurityConfig(user, password);
- }
 @Override
 protected void configure(HttpSecurity http) throws Exception {
@@ -75,11 +69,12 @@ protected void configure(HttpSecurity http) throws Exception {
 http.csrf().ignoringAntMatchers("/actuator/loggers/**");
 }
- protected void configureGlobal(
- AuthenticationManagerBuilder auth, ActuatorSecurityConfig securityConfig) throws Exception {
+ @Override
+ protected void configure(
+ AuthenticationManagerBuilder auth) throws Exception {
 auth.inMemoryAuthentication()
- .withUser(securityConfig.getUsername())
- .password(securityConfig.getPassword())
+ .withUser(user)
+ .password(password)
 .roles(PROMETHEUS_ROLE);
 }
 }
diff --git a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/config/configbeans/ActuatorSecurityConfig.java b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/config/configbeans/ActuatorSecurityConfig.java
deleted file mode 100644
index dec7fcd1..00000000
--- a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/config/configbeans/ActuatorSecurityConfig.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (c) 2021 Ubique Innovation AG
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * SPDX-License-Identifier: MPL-2.0
- */
-
-package ch.admin.bag.covidcertificate.backend.verifier.ws.config.configbeans;
-
-public class ActuatorSecurityConfig {
- private final String username;
- private final String password;
-
- public String getUsername() {
- return username;
- }
-
- public String getPassword() {
- return password;
- }
-
- public ActuatorSecurityConfig(String username, String password) {
- this.username = username;
- this.password = password;
- }
-}
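Review bot: The new `configure(AuthenticationManagerBuilder)` in ActuatorSecurity.java passes `ws.monitor.prometheus.password` straight to `.password(password)` without stating what format the property must have. No `passwordEncoder(...)` call is visible on the builder, so presumably Spring Security's default delegating encoder applies and the value has to be a stored hash with an `{id}` prefix, as the updated test property (`{bcrypt}…`) suggests; a deployment that still supplies a plaintext value would then be rejected only at the first scrape, not at startup. I would document that above the call, e.g. `// ws.monitor.prometheus.password must be an encoded value such as {bcrypt}<hash>; never deploy plaintext or {noop}`, and consider rejecting a value that does not start with `{` when the configuration is loaded.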
diff --git a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/test/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/ApiKeyAuthenticationTest.java b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/test/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/ApiKeyAuthenticationTest.java
index e80b610e..b580482a 100644
--- a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/test/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/ApiKeyAuthenticationTest.java
+++ b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/test/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/ApiKeyAuthenticationTest.java
@@ -31,7 +31,7 @@
 @SpringBootTest(
 properties = {
 "ws.monitor.prometheus.user=prometheus",
- "ws.monitor.prometheus.password=prometheus",
+ "ws.monitor.prometheus.password={bcrypt}$2y$10$umg27y0QSdCFuCBP6ibxdeR3CssS7TD5GjjikcLi5sUG1uSK9qe/.",
 "management.endpoints.enabled-by-default=true",
 "management.endpoints.web.exposure.include=*",
 "ws.authentication.apiKeys.unit-test=4d1d5663-b4ef-46a5-85b6-3d1d376429da"
@@ -74,6 +74,30 @@ public void testAuthentication() throws Exception {
 }
 }
+ @Test
+ public void testActuatorSecurity() throws Exception {
+ var response =
+ mockMvc.perform(get("/actuator/health"))
+ .andExpect(status().is2xxSuccessful())
+ .andReturn()
+ .getResponse();
+ response =
+ mockMvc.perform(get("/actuator/loggers"))
+ .andExpect(status().is(401))
+ .andReturn()
+ .getResponse();
+ response =
+ mockMvc.perform(
+ get("/actuator/loggers")
+ .header(
+ "Authorization",
+ "Basic cHJvbWV0aGV1czpwcm9tZXRoZXVz"))
+ .andExpect(status().isOk())
+ .andReturn()
+ .getResponse();
+ }
+
+
 private void testAuthenticationForEndpoint(String url) throws Exception {
 LOGGER.info("testing authentication for endpoint: {}", url);
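Review bot: `testActuatorSecurity` only exercises the missing-header and correct-credential cases on `/actuator/loggers`, so it would still pass if any well-formed Basic header were accepted. Add a request with a wrong password and expect 401, e.g. `.header("Authorization", "Basic " + Base64.getEncoder().encodeToString("prometheus:wrong".getBytes(StandardCharsets.UTF_8)))` followed by `.andExpect(status().is(401))` (the sample credential is constructed; `java.util.Base64` and `StandardCharsets` need importing if the file, whose import block is outside the hunk, lacks them). The `response` variable is assigned three times and never read, so the `.andReturn().getResponse()` tails can be dropped.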