mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: security, keycloak SSOT, restart policy, arch-test reaktiviert

Browse Source 
Co-authored-by: Junie <junie@jetbrains.com>
This commit is contained in:
Stefan Mogeritsch
2026-03-15 19:16:17 +01:00
parent f05aabb0d4
commit 1b1ca82163
6 changed files with 22 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/services/entries/entries-service/build.gradle.kts
+1
View File
@@ -15,6 +15,7 @@ dependencies {
implementation(projects.platform.platformDependencies)
implementation(projects.backend.services.entries.entriesApi)
implementation(projects.backend.infrastructure.monitoring.monitoringClient)
implementation(projects.backend.infrastructure.security)
// Standard dependencies for a secure microservice (centralized bundle)
implementation(libs.bundles.spring.boot.secure.service)
backend/services/entries/entries-service/src/main/kotlin/at/mocode/entries/service/config/SecurityConfiguration.kt
-36
View File
@@ -1,36 +0,0 @@
package at.mocode.entries.service.config
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.web.SecurityFilterChain
/**
* Security configuration for the Entries Service.
* Enables method-level security for fine-grained authorization control.
*/
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true)
class SecurityConfiguration {
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
return http
.csrf { it.disable() }
.sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
.authorizeHttpRequests { auth ->
auth
// Allow health check endpoints
.requestMatchers("/actuator/**", "/health/**").permitAll()
// Allow ping endpoints for monitoring (these are typically public)
.requestMatchers("/entries/**").permitAll()
// All other endpoints require authentication (handled by method-level security)
.anyRequest().authenticated()
}
.build()
}
}
backend/services/entries/entries-service/src/main/resources/application.yaml
+6
View File
@@ -1,6 +1,12 @@
spring:
application:
name: entries-service
security:
oauth2:
resourceserver:
jwt:
issuer-uri: ${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI:http://localhost:8180/realms/meldestelle}
jwk-set-uri: ${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI:http://localhost:8180/realms/meldestelle/protocol/openid-connect/certs}
cloud:
consul:
host: ${CONSUL_HOST:localhost}