update auth-module ping-service consul
+33
@@ -0,0 +1,33 @@
|
||||
package at.mocode.infrastructure.auth.config
|
||||
|
||||
import org.springframework.context.annotation.Bean
|
||||
import org.springframework.context.annotation.Configuration
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.web.SecurityFilterChain
|
||||
|
||||
/**
|
||||
* Spring Security Konfiguration für den Auth-Server.
|
||||
* Ermöglicht öffentlichen Zugriff auf Actuator Health-Endpoints für Consul Health Checks.
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class SecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
fun filterChain(http: HttpSecurity): SecurityFilterChain {
|
||||
return http
|
||||
.authorizeHttpRequests { authz ->
|
||||
authz
|
||||
// Erlaubt öffentlichen Zugriff auf Health-Endpoints für Consul
|
||||
.requestMatchers("/actuator/health", "/actuator/health/**").permitAll()
|
||||
.requestMatchers("/actuator/info").permitAll()
|
||||
// Alle anderen Endpoints benötigen Authentifizierung
|
||||
.anyRequest().authenticated()
|
||||
}
|
||||
.oauth2ResourceServer { oauth2 ->
|
||||
oauth2.jwt { }
|
||||
}
|
||||
.build()
|
||||
}
|
||||
}
|
||||
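Review bot: The `permitAll()` matcher on `/actuator/health/**` in `filterChain` opens every health sub-path to unauthenticated callers, and the application config added in this same commit sets `show-details: always` and `show-components: always`, so component-level status is readable without a token. If Consul only probes the aggregate endpoint, `.requestMatchers("/actuator/health").permitAll()` is enough; if the sub-paths are needed, keep the matcher and set `show-details: when-authorized` in the config instead. The class KDoc mentions only the health endpoints although `/actuator/info` is opened as well; a line such as `* Also permits unauthenticated access to /actuator/info.` would document the whole public surface in one place.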
@@ -0,0 +1,52 @@
|
||||
spring:
|
||||
application:
|
||||
name: auth-server
|
||||
|
||||
cloud:
|
||||
consul:
|
||||
discovery:
|
||||
enabled: false
|
||||
config:
|
||||
enabled: false
|
||||
|
||||
security:
|
||||
oauth2:
|
||||
resourceserver:
|
||||
jwt:
|
||||
# This will be configured via environment variables in production
|
||||
jwk-set-uri: http://localhost:8080/realms/meldestelle/protocol/openid-connect/certs
|
||||
|
||||
server:
|
||||
port: 0
|
||||
|
||||
management:
|
||||
endpoints:
|
||||
web:
|
||||
exposure:
|
||||
include: health,info
|
||||
base-path: /actuator
|
||||
endpoint:
|
||||
health:
|
||||
show-details: always
|
||||
show-components: always
|
||||
security:
|
||||
enabled: false
|
||||
|
||||
logging:
|
||||
level:
|
||||
at.mocode.infrastructure.auth: DEBUG
|
||||
org.springframework.security: DEBUG
|
||||
org.springframework.cloud.consul: INFO
|
||||
|
||||
# Keycloak configuration
|
||||
keycloak:
|
||||
auth-server-url: http://localhost:8080
|
||||
realm: meldestelle
|
||||
resource: auth-server
|
||||
credentials:
|
||||
secret: your-client-secret-here
|
||||
|
||||
# JWT configuration (development only - use proper secrets in production)
|
||||
jwt:
|
||||
secret: dev-secret-key-change-in-production
|
||||
expiration: 86400000 # 24 hours in milliseconds
|
||||
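Review bot: The resource-server block configures only `jwk-set-uri`, and `filterChain` calls `oauth2.jwt { }` without a custom decoder, so as far as this commit shows, incoming tokens are checked for signature and expiry but not for issuer or audience. Adding `issuer-uri: http://localhost:8080/realms/meldestelle` next to it lets Spring Boot add the issuer check while still fetching keys from the JWK set, and `audiences` can pin the expected audience where the Boot version in use supports it. The comment above the key says the value comes from environment variables, yet it is a literal; a placeholder such as `${JWK_SET_URI}` (variable name constructed here) without a default would make a missing production value fail at startup instead of silently pointing at localhost. The same fail-closed treatment applies to `jwt.secret` and `keycloak.credentials.secret`, which ship with usable literal defaults, and `org.springframework.security: DEBUG` is better confined to a development profile.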