Adapt to route authn to keycloak

flawmop · Jan 17, 2024 · eb7470a · eb7470a
1 parent bae3014
commit eb7470a
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 2 deletions.
diff --git a/src/main/java/com/insilicosoft/portal/edgesvr/config/SecurityConfig.java b/src/main/java/com/insilicosoft/portal/edgesvr/config/SecurityConfig.java
@@ -11,9 +11,10 @@ public class SecurityConfig {
 
   @Bean
   SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
-    return http.authorizeExchange(exchange -> exchange.anyExchange().authenticated())
+    return http.authorizeExchange(exchange -> exchange.pathMatchers("/", "/css/*", "/js/*", "/icon/*", "/img/*", "/auth/*").permitAll()
+                                                      .anyExchange().authenticated())
                                  .oauth2Login(Customizer.withDefaults())
                                  .build();
     }
 
-}
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -17,6 +17,10 @@ spring:
           uri: ${ROUTE_DEFAULT:http://localhost:9001}/
           predicates:
             - Path=/
+        - id: auth-route
+          uri: ${KEYCLOAK_ISSUER_URI:http://localhost:8080/realms/Portal}/
+          predicates:
+            - Path=/auth/
   security:
     oauth2:
       client:

diff --git a/src/test/java/com/insilicosoft/portal/edgesvr/config/SecurityConfigTests.java b/src/test/java/com/insilicosoft/portal/edgesvr/config/SecurityConfigTests.java
@@ -0,0 +1,31 @@
+package com.insilicosoft.portal.edgesvr.config;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.test.web.reactive.server.WebTestClient;
+
+@WebFluxTest
+@Import(SecurityConfig.class)
+class SecurityConfigTests {
+
+  @Autowired
+  WebTestClient webClient;
+
+  @MockBean
+  ReactiveClientRegistrationRepository mockReactiveClientRegistrationRepository;
+
+  @Test
+  void whenNotLoggedInAndAccessingUnsecuredButUnavailableThen404() {
+    webClient.get().uri("/favicon.ico").exchange().expectStatus().isNotFound();
+  }
+
+  @Test
+  void whenNotLoggedInAndAccessingNonPermitAllThen302() {
+    webClient.get().uri("/nonPermitAll.html").exchange().expectStatus().isFound();
+  }
+
+}