update auth-module ping-service consul
+33
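--- /dev/null
+++ b/<kotlin-file-path-not-on-page>
@@ -0,0 +1,33 @@
+package at.mocode.infrastructure.auth.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.web.SecurityFilterChain
+
+/**
+* Spring Security Konfiguration für den Auth-Server.
+* Ermöglicht öffentlichen Zugriff auf Actuator Health-Endpoints für Consul Health Checks.
+*/
+@Configuration
+@EnableWebSecurity
+class SecurityConfiguration {
+
+@Bean
+fun filterChain(http: HttpSecurity): SecurityFilterChain {
+return http
+.authorizeHttpRequests { authz ->
+authz
+// Erlaubt öffentlichen Zugriff auf Health-Endpoints für Consul
+.requestMatchers("/actuator/health", "/actuator/health/**").permitAll()
+.requestMatchers("/actuator/info").permitAll()
+// Alle anderen Endpoints benötigen Authentifizierung
+.anyRequest().authenticated()
+}
+.oauth2ResourceServer { oauth2 ->
+oauth2.jwt { }
+}
+.build()
+}
+}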
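Review bot: `.requestMatchers("/actuator/health", "/actuator/health/**").permitAll()` opens every health sub-path to unauthenticated callers, and the YAML added in the same commit sets `management.endpoint.health.show-details: always` and `show-components: always`, so component-level health detail (backing-service status, disk state and similar) becomes readable without a token. Permit only what the Consul check needs, e.g. `/actuator/health` plus the `/actuator/health/liveness` and `/actuator/health/readiness` groups, and set `show-details: when_authorized` so anonymous probes only see the aggregate status. The chain also sets up a JWT resource server without any `sessionManagement` or `csrf` settings; for a bearer-token-only API the usual pairing is `SessionCreationPolicy.STATELESS` with CSRF disabled, and stating that intent in the class KDoc would make the decision explicit. Indentation is not visible in this rendering, so method and class boundaries are inferred.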
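--- /dev/null
+++ b/<yaml-file-path-not-on-page>
@@ -0,0 +1,52 @@
+spring:
+application:
+name: auth-server
+
+cloud:
+consul:
+discovery:
+enabled: false
+config:
+enabled: false
+
+security:
+oauth2:
+resourceserver:
+jwt:
+# This will be configured via environment variables in production
+jwk-set-uri: http://localhost:8080/realms/meldestelle/protocol/openid-connect/certs
+
+server:
+port: 0
+
+management:
+endpoints:
+web:
+exposure:
+include: health,info
+base-path: /actuator
+endpoint:
+health:
+show-details: always
+show-components: always
+security:
+enabled: false
+
+logging:
+level:
+at.mocode.infrastructure.auth: DEBUG
+org.springframework.security: DEBUG
+org.springframework.cloud.consul: INFO
+
+# Keycloak configuration
+keycloak:
+auth-server-url: http://localhost:8080
+realm: meldestelle
+resource: auth-server
+credentials:
+secret: your-client-secret-here
+
+# JWT configuration (development only - use proper secrets in production)
+jwt:
+secret: dev-secret-key-change-in-production
+expiration: 86400000 # 24 hours in milliseconds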
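Review bot: `secret: your-client-secret-here` and `secret: dev-secret-key-change-in-production` commit placeholder secrets that the service will start with unchanged, and although the comment above `jwk-set-uri` says production values come from the environment, nothing in the file enforces that. Reference them as unresolved placeholders instead, for example `secret: ${KEYCLOAK_CLIENT_SECRET}` and `secret: ${JWT_SECRET}` with no default (constructed names), so a missing value fails startup rather than running on a publicly known key. `management.security.enabled: false` looks like a Spring Boot 1.x property; as far as I can tell it has had no effect since Boot 2.0, so it should be dropped rather than left implying the actuator is governed by it. This rendering drops YAML indentation, so whether `security:` sits under `spring:` (as `spring.security.oauth2.resourceserver.jwt.jwk-set-uri` requires) cannot be confirmed here and is worth a look in the raw file.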
@@ -1,6 +1,6 @@
|
||||
# Port, auf dem das Gateway läuft
|
||||
server:
|
||||
port: 8081
|
||||
port: 8080
|
||||
# Optimierte Netty-Konfiguration für reaktive Anwendungen
|
||||
netty:
|
||||
connection-timeout: 5s
|
||||
@@ -28,11 +28,10 @@ spring:
|
||||
health-check-interval: 10s
|
||||
instance-id: ${spring.application.name}-${server.port}-${random.uuid}
|
||||
gateway:
|
||||
# HTTP Client-Timeouts für stabile Upstream-Verbindungen
|
||||
server:
|
||||
webflux:
|
||||
httpclient:
|
||||
connect-timeout: 5000 # in Millisekunden
|
||||
connect-timeout: 5000
|
||||
response-timeout: 30s
|
||||
pool:
|
||||
max-idle-time: 15s
|
||||
@@ -70,7 +69,6 @@ spring:
|
||||
maxBackoff: 500ms
|
||||
factor: 2
|
||||
basedOnPreviousValue: false
|
||||
# Sicherheits-Header für erweiterten Schutz
|
||||
- name: AddResponseHeader
|
||||
args:
|
||||
name: X-Content-Type-Options
|
||||
@@ -92,7 +90,6 @@ spring:
|
||||
name: Cache-Control
|
||||
value: no-cache, no-store, must-revalidate
|
||||
routes:
|
||||
# Health Check und Gateway Info Routes
|
||||
- id: gateway-info-route
|
||||
uri: http://localhost:${server.port}
|
||||
predicates:
|
||||
@@ -101,8 +98,6 @@ spring:
|
||||
filters:
|
||||
- SetStatus=200
|
||||
- SetResponseHeader=Content-Type,application/json
|
||||
|
||||
# Members Service Routes
|
||||
- id: members-service-route
|
||||
uri: lb://members-service
|
||||
predicates:
|
||||
@@ -113,8 +108,6 @@ spring:
|
||||
args:
|
||||
name: membersCircuitBreaker
|
||||
fallbackUri: forward:/fallback/members
|
||||
|
||||
# Horses Service Routes
|
||||
- id: horses-service-route
|
||||
uri: lb://horses-service
|
||||
predicates:
|
||||
@@ -125,8 +118,6 @@ spring:
|
||||
args:
|
||||
name: horsesCircuitBreaker
|
||||
fallbackUri: forward:/fallback/horses
|
||||
|
||||
# Events Service Routes
|
||||
- id: events-service-route
|
||||
uri: lb://events-service
|
||||
predicates:
|
||||
@@ -137,8 +128,6 @@ spring:
|
||||
args:
|
||||
name: eventsCircuitBreaker
|
||||
fallbackUri: forward:/fallback/events
|
||||
|
||||
# Masterdata Service Routes
|
||||
- id: masterdata-service-route
|
||||
uri: lb://masterdata-service
|
||||
predicates:
|
||||
@@ -149,8 +138,6 @@ spring:
|
||||
args:
|
||||
name: masterdataCircuitBreaker
|
||||
fallbackUri: forward:/fallback/masterdata
|
||||
|
||||
# Auth Service Routes (falls vorhanden)
|
||||
- id: auth-service-route
|
||||
uri: lb://auth-service
|
||||
predicates:
|
||||
@@ -161,21 +148,15 @@ spring:
|
||||
args:
|
||||
name: authCircuitBreaker
|
||||
fallbackUri: forward:/fallback/auth
|
||||
|
||||
# Ping Service Routes (bestehend)
|
||||
- id: ping-service-route
|
||||
uri: lb://ping-service
|
||||
predicates:
|
||||
- Path=/api/ping/**
|
||||
filters:
|
||||
- StripPrefix=1
|
||||
# Disable weight calculation filter to prevent blocking operations
|
||||
filter:
|
||||
weight:
|
||||
enabled: false
|
||||
# Verbesserte CORS-Konfiguration
|
||||
# Antwort-Header bereinigen und globale Filter
|
||||
# Route-Definitionen mit Service Discovery
|
||||
filter:
|
||||
weight:
|
||||
enabled: false
|
||||
|
||||
# Circuit Breaker Konfiguration
|
||||
resilience4j:
|
||||
@@ -295,3 +276,5 @@ logging:
|
||||
max-file-size: 100MB
|
||||
total-size-cap: 1GB
|
||||
max-history: 30
|
||||
|
||||
|
||||
|
||||
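Review bot: the auth route still targets `uri: lb://auth-service` in the `@@ -149,8 +138,6 @@` hunk, while the auth server added in this commit registers as `spring.application.name: auth-server` with `spring.cloud.consul.discovery.enabled: false`, so the load-balanced lookup appears unable to resolve it; that line looks like unchanged context, so this may be a pre-existing gap, but the commit introducing the service is the place to close it (align the names and enable discovery, or use a direct URI for the auth server). In the first hunk the page does not show which of `port: 8081` / `port: 8080` is the new value; if the gateway moves to 8080 it collides with the `http://localhost:8080` Keycloak URL the auth server config expects on the same host. The `filter: weight: enabled: false` block is printed twice in the `@@ -161,21 +148,15 @@` hunk, presumably a move; confirm only one copy survives on the new side.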