diff --git a/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java b/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java index 5d6dd116..dac0cf6e 100644 --- a/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java +++ b/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java @@ -14,6 +14,7 @@ import jakarta.servlet.http.HttpServletRequest; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import java.io.IOException; +import java.util.function.Supplier; public class CasAuthenticator implements Authenticator { @@ -52,7 +53,7 @@ public class CasAuthenticator implements Authenticator { System.err.println("CasAuthenticator.casValidation using URL: " + url); - final var response = restTemplate.getForObject(url, String.class); + final var response = tryTo( () -> restTemplate.getForObject(url, String.class)); final var doc = DocumentBuilderFactory.newInstance().newDocumentBuilder() .parse(new java.io.ByteArrayInputStream(response.getBytes())); @@ -68,4 +69,13 @@ public class CasAuthenticator implements Authenticator { System.err.println("CAS-user: " + userName); return userName; } + + private T tryTo(final Supplier code) { + try { + final T resultValue = code.get(); + return resultValue; + } catch (final Exception e) { + throw e; + } + } } diff --git a/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java b/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java index d279ae12..aec107b4 100644 --- a/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java +++ b/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java @@ -17,11 +17,14 @@ public class WebSecurityConfig { public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception { return http .authorizeHttpRequests(authorize -> authorize - .requestMatchers("/api/**").permitAll() // TODO.impl: implement authentication - .requestMatchers("/swagger-ui/**").permitAll() - .requestMatchers("/v3/api-docs/**").permitAll() - .requestMatchers("/actuator/**").permitAll() - .anyRequest().authenticated() + // TODO.impl: implement CAS authentication via Spring Security + .anyRequest().permitAll() + // .requestMatchers("/swagger-ui/**").permitAll() + // .requestMatchers("/v3/api-docs/**").permitAll() + // .requestMatchers("/actuator/**").permitAll() + // .requestMatchers("/api/ping").permitAll() + // .requestMatchers("/api/**").authenticated() + //.anyRequest().denyAll() ) .csrf(AbstractHttpConfigurer::disable) .build(); diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 28da0a0a..7abab833 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -39,6 +39,7 @@ spring: data: rest: + # do NOT implicilty expose SpringData repositories as REST-controllers detection-strategy: annotated sql: