From c7b17ee546229648e697c7f37280df3f07cc919f Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael.hoennig@hostsharing.net>
Date: Wed, 11 Dec 2024 10:55:15 +0100
Subject: [PATCH] bugfix: permit access to Swagger UI (#134)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/134
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
---
 .../hsadminng/config/WebSecurityConfig.java        |  3 ++-
 .../config/WebSecurityConfigIntegrationTest.java   | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java b/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java
index 3585dd8c..6da383ab 100644
--- a/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java
+++ b/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java
@@ -17,10 +17,11 @@ public class WebSecurityConfig {
         return http
                 .authorizeHttpRequests(authorize -> authorize
                         .requestMatchers("/api/**").permitAll() // TODO.impl: implement authentication
+                        .requestMatchers("/swagger-ui/**").permitAll()
+                        .requestMatchers("/v3/api-docs/**").permitAll()
                         .requestMatchers("/actuator/**").permitAll()
                         .anyRequest().authenticated()
                 )
                 .build();
     }
-
 }
diff --git a/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java
index 8b2bf3a0..a69ca9f4 100644
--- a/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java
@@ -42,6 +42,20 @@ class WebSecurityConfigIntegrationTest {
         assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
     }
 
+    @Test
+    public void shouldSupportSwaggerUi() {
+        final var result = this.restTemplate.getForEntity(
+                "http://localhost:" + this.managementPort + "/swagger-ui/index.html", String.class);
+        assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
+    }
+
+    @Test
+    public void shouldSupportApiDocs() {
+        final var result = this.restTemplate.getForEntity(
+                "http://localhost:" + this.managementPort + "/v3/api-docs/swagger-config", String.class);
+        assertThat(result.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND); // permitted but not configured
+    }
+
     @Test
     public void shouldSupportHealthEndpoint() {
         final var result = this.restTemplate.getForEntity(