From eb7470a8c3c562256429a39d75eaa16a0170eed1 Mon Sep 17 00:00:00 2001
From: flawmop <flawmop@insilicosoft.com>
Date: Tue, 16 Jan 2024 19:27:19 -0800
Subject: [PATCH] Adapt to route authn to keycloak

---
 .../portal/edgesvr/config/SecurityConfig.java |  5 +--
 src/main/resources/application.yml            |  4 +++
 .../edgesvr/config/SecurityConfigTests.java   | 31 +++++++++++++++++++
 3 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 src/test/java/com/insilicosoft/portal/edgesvr/config/SecurityConfigTests.java

diff --git a/src/main/java/com/insilicosoft/portal/edgesvr/config/SecurityConfig.java b/src/main/java/com/insilicosoft/portal/edgesvr/config/SecurityConfig.java
index 6738fc0..caf1d72 100644
--- a/src/main/java/com/insilicosoft/portal/edgesvr/config/SecurityConfig.java
+++ b/src/main/java/com/insilicosoft/portal/edgesvr/config/SecurityConfig.java
@@ -11,9 +11,10 @@ public class SecurityConfig {
 
   @Bean
   SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
-    return http.authorizeExchange(exchange -> exchange.anyExchange().authenticated())
+    return http.authorizeExchange(exchange -> exchange.pathMatchers("/", "/css/*", "/js/*", "/icon/*", "/img/*", "/auth/*").permitAll()
+                                                      .anyExchange().authenticated())
                                  .oauth2Login(Customizer.withDefaults())
                                  .build();
     }
 
-}
+}
\ No newline at end of file
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 2db5435..4232b78 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -17,6 +17,10 @@ spring:
           uri: ${ROUTE_DEFAULT:http://localhost:9001}/
           predicates:
             - Path=/
+        - id: auth-route
+          uri: ${KEYCLOAK_ISSUER_URI:http://localhost:8080/realms/Portal}/
+          predicates:
+            - Path=/auth/
   security:
     oauth2:
       client:
diff --git a/src/test/java/com/insilicosoft/portal/edgesvr/config/SecurityConfigTests.java b/src/test/java/com/insilicosoft/portal/edgesvr/config/SecurityConfigTests.java
new file mode 100644
index 0000000..b595547
--- /dev/null
+++ b/src/test/java/com/insilicosoft/portal/edgesvr/config/SecurityConfigTests.java
@@ -0,0 +1,31 @@
+package com.insilicosoft.portal.edgesvr.config;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
+import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.test.web.reactive.server.WebTestClient;
+
+@WebFluxTest
+@Import(SecurityConfig.class)
+class SecurityConfigTests {
+
+  @Autowired
+  WebTestClient webClient;
+
+  @MockBean
+  ReactiveClientRegistrationRepository mockReactiveClientRegistrationRepository;
+
+  @Test
+  void whenNotLoggedInAndAccessingUnsecuredButUnavailableThen404() {
+    webClient.get().uri("/favicon.ico").exchange().expectStatus().isNotFound();
+  }
+
+  @Test
+  void whenNotLoggedInAndAccessingNonPermitAllThen302() {
+    webClient.get().uri("/nonPermitAll.html").exchange().expectStatus().isFound();
+  }
+
+}
\ No newline at end of file