feature Keycloak Auth

services/ping/ping-service/build.gradle.kts

@@ -46,6 +46,8 @@ dependencies {
     implementation("org.jetbrains.kotlin:kotlin-reflect")
     // Validation for request/response validation
     implementation(libs.spring.boot.starter.validation)
+    // Spring Security for method-level authorization
+    implementation("org.springframework.boot:spring-boot-starter-security")
     // Actuator for health checks and metrics
     implementation(libs.spring.boot.starter.actuator)
     // === Service Discovery ===

services/ping/ping-service/src/main/kotlin/at/mocode/ping/service/config/SecurityConfiguration.kt

@@ -0,0 +1,36 @@
+package at.mocode.ping.service.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.SecurityFilterChain
+
+/**
+ * Security configuration for the Ping Service.
+ * Enables method-level security for fine-grained authorization control.
+ */
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity(prePostEnabled = true)
+class SecurityConfiguration {
+
+    @Bean
+    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        return http
+            .csrf { it.disable() }
+            .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
+            .authorizeHttpRequests { auth ->
+                auth
+                    // Allow health check endpoints
+                    .requestMatchers("/actuator/**", "/health/**").permitAll()
+                    // Allow ping endpoints for monitoring (these are typically public)
+                    .requestMatchers("/ping/**").permitAll()
+                    // All other endpoints require authentication (handled by method-level security)
+                    .anyRequest().authenticated()
+            }
+            .build()
+    }
+}

services/ping/ping-service/src/test/kotlin/at/mocode/ping/service/PingControllerTest.kt

@@ -20,7 +20,13 @@ import org.springframework.test.web.servlet.result.MockMvcResultMatchers.*
  * Unit tests for PingController
  * Tests REST endpoints with mocked dependencies
  */
-@WebMvcTest(PingController::class)
+@WebMvcTest(
+    controllers = [PingController::class],
+    excludeAutoConfiguration = [
+        org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration::class,
+        org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration::class
+    ]
+)
 @Import(PingControllerTest.TestConfig::class)
 class PingControllerTest {