chore(ping-service, security): integrate centralized security module and enhance Ping-Service

- Replaced local `SecurityConfig` in `ping-service` with the shared `infrastructure:security` module.
- Added `GlobalSecurityConfig` to standardize OAuth2, JWT validation, and CORS for all services.
- Introduced new endpoints (`/ping/public`, `/ping/secure`) with role-based access control.
- Updated database schema with Flyway migration (`V1__init_ping.sql`) and refactored persistence layer to align with the standardized approach (`createdAt` field).
- Enhanced application configuration (`application.yaml`) to use shared security and Flyway settings.
2026-01-16 19:11:48 +01:00
parent 9456f28562
commit 05962487e7
14 changed files with 234 additions and 124 deletions
@@ -0,0 +1,38 @@
# Ping Service
Der `ping-service` ist der "Tracer Bullet" Service für die Meldestelle-Architektur. Er dient als Blueprint für alle weiteren Microservices.
## Verantwortlichkeit
* Technischer Durchstich (Frontend -> Gateway -> Service -> DB).
* Validierung der Infrastruktur (Security, Resilience, Observability).
* Referenzimplementierung für DDD, Hexagonal Architecture und KMP-Integration.
## API Endpunkte
| Methode | Pfad | Beschreibung | Auth |
| :--- | :--- | :--- | :--- |
| GET | `/ping/simple` | Einfacher Ping, speichert in DB | Public |
| GET | `/ping/enhanced` | Ping mit Circuit Breaker Simulation | Public |
| GET | `/ping/public` | Expliziter Public Endpoint | Public |
| GET | `/ping/secure` | Geschützter Endpoint (benötigt Rolle) | **Secure** (MELD_USER) |
| GET | `/ping/health` | Health Check | Public |
| GET | `/ping/history` | Historie aller Pings | Public (Debug) |
## Architektur
Der Service folgt der Hexagonalen Architektur (Ports & Adapters):
* **Domain:** `at.mocode.ping.domain` (Pure Kotlin, keine Frameworks).
* **Application:** `at.mocode.ping.application` (Use Cases, Spring Service).
* **Infrastructure:** `at.mocode.ping.infrastructure` (Web, Persistence, Security).
## Security
* Nutzt das zentrale Modul `backend:infrastructure:security`.
* OAuth2 Resource Server (JWT Validation via Keycloak).
* Rollen-Mapping: Keycloak Realm Roles -> Spring Security Authorities (`ROLE_...`).
## Persistence
* Datenbank: PostgreSQL.
* Migration: Flyway (`V1__init_ping.sql`).
* ORM: Spring Data JPA (für Write Model).
## Resilience
* Circuit Breaker: Resilience4j (für DB-Zugriffe und simulierte Fehler).
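Review bot: In the "API Endpunkte" table, `/ping/history` is listed as "Public (Debug)" and `/ping/simple` as Public even though it writes to the database. The README calls this service the blueprint for all further microservices, so an unauthenticated read of all stored pings and an unauthenticated write path are likely to be copied into them. Consider requiring a role for `/ping/history` (as `/ping/secure` does) or limiting it to a non-production profile, and state in the README which of the two applies. In the "Security" section, the role mapping is described as Keycloak realm roles to `ROLE_...` authorities while the table names the role as MELD_USER; spell out the resulting authority so readers know what the access rule checks. The commit message says the shared module also standardizes CORS, but the "Security" section does not mention it; add a line on where allowed origins are configured.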