This repository has been archived by the owner on Sep 15, 2023. It is now read-only.

Merge pull request #159 from admin-ch/release/3.8
gstoehld authored Mar 18, 2022
2 parents 74644b8 + 6d76958 commit 358c0b2
Showing 21 changed files with 202 additions and 113 deletions.
Expand Up @@ -10,13 +10,11 @@

package ch.admin.bag.covidcertificate.backend.verifier.sync.config;

import ch.admin.bag.covidcertificate.backend.verifier.sync.config.configbeans.ActuatorSecurityConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.boot.actuate.logging.LoggersEndpoint;
import org.springframework.boot.actuate.metrics.export.prometheus.PrometheusScrapeEndpoint;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.Ordered;
Expand All @@ -40,11 +38,6 @@ public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
@Value("${sync.monitor.prometheus.password}")
private String password;

@Bean
ActuatorSecurityConfig passwordDefault() {
return new ActuatorSecurityConfig(user, password);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatcher(
Expand Down Expand Up @@ -75,12 +68,8 @@ protected void configure(HttpSecurity http) throws Exception {
http.csrf().ignoringAntMatchers("/actuator/loggers/**");
}

protected void configureGlobal(
AuthenticationManagerBuilder auth, ActuatorSecurityConfig securityConfig)
throws Exception {
auth.inMemoryAuthentication()
.withUser(securityConfig.getUsername())
.password(securityConfig.getPassword())
.roles(PROMETHEUS_ROLE);
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser(user).password(password).roles(PROMETHEUS_ROLE);
}
}
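Review bot: In the new `configure(AuthenticationManagerBuilder auth)`, the value of `sync.monitor.prometheus.password` is handed straight to `.password(password)` and no `PasswordEncoder` is set in the visible lines, so how the secret is stored is decided only by the `{id}` prefix inside the property (the accompanying test uses `{noop}prometheus`). Because `/actuator/loggers/**` is exempted from CSRF a few lines above, this Basic credential appears to be the main control on that endpoint. I would document the expectation on the field, `// must be an encoded value with an {id} prefix, e.g. {bcrypt}...; {noop} is for tests only`, and consider rejecting a `{noop}` value at startup outside test profiles. The same applies to the `ws` module's `ActuatorSecurity`, which receives the same change. The class starts outside these hunks, so an encoder may be declared elsewhere.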

This file was deleted.

Expand Up @@ -17,6 +17,8 @@
import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
import static org.springframework.test.web.client.response.MockRestResponseCreators.withStatus;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import ch.admin.bag.covidcertificate.backend.verifier.data.VerifierDataService;
import ch.admin.bag.covidcertificate.backend.verifier.model.exception.DgcSyncException;
Expand All @@ -28,12 +30,23 @@
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.web.client.ExpectedCount;
import org.springframework.test.web.client.MockRestServiceServer;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest(
properties = {
"sync.monitor.prometheus.user=prometheus",
"sync.monitor.prometheus.password={noop}prometheus",
"management.endpoints.enabled-by-default=true",
"management.endpoints.web.exposure.include=*"
})
@ActiveProfiles({"actuator-security"})
class DgcSyncerTest extends BaseDgcTest {

private final String TEST_JSON_CSCA = "src/test/resources/csca.json";
Expand Down Expand Up @@ -61,6 +74,31 @@ class DgcSyncerTest extends BaseDgcTest {
@Autowired DgcCertSyncer dgcSyncer;

@Autowired VerifierDataService verifierDataService;
@Autowired MockMvc mockMvc;

@Test
public void testActuatorSecurity() throws Exception {
var response =
mockMvc.perform(get("/actuator/health"))
.andExpect(status().is2xxSuccessful())
.andReturn()
.getResponse();
response =
mockMvc.perform(get("/actuator/loggers"))
.andExpect(status().is(401))
.andReturn()
.getResponse();
response =
mockMvc.perform(
get("/actuator/loggers")
.header(
"Authorization",
"Basic cHJvbWV0aGV1czpwcm9tZXRoZXVz"))
.andExpect(status().isOk())
.andReturn()
.getResponse();
}


@Test
void downloadTest() throws Exception {
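Review bot: `testActuatorSecurity` checks the anonymous and the correct-credential request to `/actuator/loggers` but never sends a wrong password, so a configuration that accepts any Basic header would still pass. Add a request with a deliberately wrong credential followed by `.andExpect(status().isUnauthorized())`. The `response` variable is assigned three times and never read, so it and the `.andReturn().getResponse()` tails can be dropped. A comment beside the header literal, `// base64("prometheus:prometheus"), matches the @SpringBootTest properties`, would tie it to the configured user.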
Expand Up @@ -30,7 +30,7 @@
{
"var": "payload.r.0.fr"
},
270,
180,
"day"
]
}
Expand Up @@ -47,7 +47,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
}
Expand Up @@ -287,7 +287,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
},
Expand Down Expand Up @@ -361,7 +361,7 @@
{
"var": "payload.r.0.fr"
},
269,
179,
"day"
]
},
Expand Up @@ -161,7 +161,7 @@
{
"var": "payload.r.0.fr"
},
270,
180,
"day"
]
},
Expand All @@ -185,7 +185,7 @@
{
"var": "payload.r.0.fr"
},
270,
180,
"day"
]
},
Expand Down Expand Up @@ -249,7 +249,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
},
Expand All @@ -273,7 +273,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
},
Expand Up @@ -19,7 +19,7 @@
{
"var": "payload.r.0.fr"
},
270,
180,
"day"
]
}
Expand Up @@ -36,7 +36,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
}
@@ -1,4 +1,4 @@
let RECOVERY_OFFSET = 10;
let RECOVERY_VALIDITY = 270;
let RECOVERY_VALIDITY_DISPLAY = 269;
let RECOVERY_VALIDITY = 180;
let RECOVERY_VALIDITY_DISPLAY = 179;
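Review bot: `RECOVERY_VALIDITY_DISPLAY` is kept by hand at one less than `RECOVERY_VALIDITY`, and this commit has to change both literals in step. Deriving it, `let RECOVERY_VALIDITY_DISPLAY = RECOVERY_VALIDITY - 1;`, removes the chance that the displayed and the enforced validity drift apart at the next rule change. If the two values are meant to be independent, a one-line comment explaining why the display value is shorter would help the next editor.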

Expand Up @@ -191,7 +191,7 @@
{
"var": "payload.r.0.fr"
},
270,
180,
"day"
]
}
Expand Down Expand Up @@ -667,7 +667,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
}
Expand Up @@ -272,7 +272,7 @@
{
"var": "payload.r.0.fr"
},
270,
180,
"day"
]
}
Expand Down Expand Up @@ -958,7 +958,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
}
Expand Down Expand Up @@ -2700,7 +2700,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
},
Expand Down Expand Up @@ -2774,7 +2774,7 @@
{
"var": "payload.r.0.fr"
},
269,
179,
"day"
]
},
Expand Down Expand Up @@ -2953,7 +2953,7 @@
{
"var": "payload.r.0.fr"
},
270,
180,
"day"
]
},
Expand All @@ -2977,7 +2977,7 @@
{
"var": "payload.r.0.fr"
},
270,
180,
"day"
]
},
Expand Down Expand Up @@ -3041,7 +3041,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
},
Expand All @@ -3065,7 +3065,7 @@
{
"var": "payload.t.0.sc"
},
270,
180,
"day"
]
},
Expand Up @@ -10,7 +10,6 @@

package ch.admin.bag.covidcertificate.backend.verifier.ws.config;

import ch.admin.bag.covidcertificate.backend.verifier.ws.config.configbeans.ActuatorSecurityConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
Expand All @@ -25,6 +24,8 @@
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@Order(Ordered.HIGHEST_PRECEDENCE + 9)
Expand All @@ -40,10 +41,6 @@ public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
@Value("${ws.monitor.prometheus.password}")
private String password;

@Bean
ActuatorSecurityConfig passwordDefault() {
return new ActuatorSecurityConfig(user, password);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
Expand Down Expand Up @@ -75,11 +72,12 @@ protected void configure(HttpSecurity http) throws Exception {
http.csrf().ignoringAntMatchers("/actuator/loggers/**");
}

protected void configureGlobal(
AuthenticationManagerBuilder auth, ActuatorSecurityConfig securityConfig) throws Exception {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser(securityConfig.getUsername())
.password(securityConfig.getPassword())
.roles(PROMETHEUS_ROLE);
.withUser(user)
.password(password)
.roles(PROMETHEUS_ROLE);
}

}
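Review bot: The imports of `BCryptPasswordEncoder` and `PasswordEncoder` are added in this file, but nothing in the visible hunks uses them, and `configure(AuthenticationManagerBuilder auth)` still passes `password` through without an encoder. Either wire the encoder, for example `auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())` with `ws.monitor.prometheus.password` holding a bcrypt hash, or drop the two imports so the file does not suggest hashing that is not taking place. The sync module's class does not get these imports, so the two modules may end up treating the password property differently. Parts of the class lie outside the hunks, so a use further down cannot be ruled out.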

This file was deleted.
