chore(ping-service, build): remove local SecurityConfiguration, update Dockerfile, and adjust application.yaml

- Deleted `SecurityConfiguration.kt` in favor of centralized security standardization.
- Optimized `Dockerfile` by replacing missing frontend directories with dummy paths for improved build stability.
- Updated `application.yaml` with new default Keycloak and Postgres configurations.
2026-01-16 23:24:13 +01:00
parent 11040d6765
commit c1a99c83e6
4 changed files with 34 additions and 93 deletions
@@ -1,36 +0,0 @@
package at.mocode.ping.service.config
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.web.SecurityFilterChain
/**
* Security configuration for the Ping Service.
* Enables method-level security for fine-grained authorization control.
*/
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true)
class SecurityConfiguration {
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
return http
.csrf { it.disable() }
.sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
.authorizeHttpRequests { auth ->
auth
// Allow health check endpoints
.requestMatchers("/actuator/**", "/health/**").permitAll()
// Allow ping endpoints for monitoring (these are typically public)
.requestMatchers("/ping/**").permitAll()
// All other endpoints require authentication (handled by method-level security)
.anyRequest().authenticated()
}
.build()
}
}
@@ -9,9 +9,10 @@ spring:
active: ${SPRING_PROFILES_ACTIVE:dev}
datasource:
url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://localhost:5432/meldestelle}
username: ${SPRING_DATASOURCE_USERNAME:postgres}
password: ${SPRING_DATASOURCE_PASSWORD:postgres}
# Defaults für lokalen Start (Docker Compose Ports)
url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://localhost:5432/pg-meldestelle-db}
username: ${SPRING_DATASOURCE_USERNAME:pg-user}
password: ${SPRING_DATASOURCE_PASSWORD:pg-password}
driver-class-name: org.postgresql.Driver
jpa:
@@ -28,9 +29,9 @@ spring:
oauth2:
resourceserver:
jwt:
# Keycloak URL (innerhalb Docker Netzwerk oder Localhost)
issuer-uri: ${KEYCLOAK_ISSUER_URI:http://localhost:9090/realms/meldestelle}
jwk-set-uri: ${KEYCLOAK_JWK_SET_URI:http://localhost:9090/realms/meldestelle/protocol/openid-connect/certs}
# Keycloak URL (lokal via Port Forwarding)
issuer-uri: ${KEYCLOAK_ISSUER_URI:http://localhost:8180/realms/meldestelle}
jwk-set-uri: ${KEYCLOAK_JWK_SET_URI:http://localhost:8180/realms/meldestelle/protocol/openid-connect/certs}
cloud:
consul:
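Review bot: The new datasource defaults keep a fallback credential in the shared `application.yaml` (`password: ${SPRING_DATASOURCE_PASSWORD:pg-password}`), so an instance started without that variable comes up with a well-known password instead of failing at startup. The added comment marks these as local-start defaults, so they would fit better in a dev-only profile file (e.g. `application-dev.yaml`), leaving the base file with `username: ${SPRING_DATASOURCE_USERNAME}` and `password: ${SPRING_DATASOURCE_PASSWORD}`. The same applies to the second hunk, where `issuer-uri` and `jwk-set-uri` fall back to plain-HTTP `localhost:8180` URLs; outside a local setup a missing variable should be a startup error rather than a silent fallback. Since this commit also removes the service-local `SecurityConfiguration`, which permitted `/actuator/**`, `/health/**` and `/ping/**` without authentication, it is worth confirming how the centralized configuration treats those paths; that code is not visible here.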