cleanup

2025-03-11 14:50:02 +01:00 · 2025-03-11 14:50:02 +01:00 · 1f3ae1ddd7
commit 1f3ae1ddd7
parent 1685221567
3 changed files with 20 additions and 6 deletions
--- a/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java
+++ b/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java
@ -14,6 +14,7 @@ import jakarta.servlet.http.HttpServletRequest;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import java.io.IOException;
+import java.util.function.Supplier;

 public class CasAuthenticator implements Authenticator {

@ -52,7 +53,7 @@ public class CasAuthenticator implements Authenticator {

        System.err.println("CasAuthenticator.casValidation using URL: " + url);

-        final var response = restTemplate.getForObject(url, String.class);
+        final var response = tryTo( () -> restTemplate.getForObject(url, String.class));

        final var doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
                .parse(new java.io.ByteArrayInputStream(response.getBytes()));
@ -68,4 +69,13 @@ public class CasAuthenticator implements Authenticator {
        System.err.println("CAS-user: " + userName);
        return userName;
    }
+
+    private <T> T tryTo(final Supplier<T> code) {
+        try {
+            final T resultValue = code.get();
+            return resultValue;
+        } catch (final Exception e) {
+            throw e;
+        }
+    }
 }
--- a/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java
+++ b/src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java
@ -17,11 +17,14 @@ public class WebSecurityConfig {
    public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests(authorize -> authorize
-                        .requestMatchers("/api/**").permitAll() // TODO.impl: implement authentication
-                        .requestMatchers("/swagger-ui/**").permitAll()
-                        .requestMatchers("/v3/api-docs/**").permitAll()
-                        .requestMatchers("/actuator/**").permitAll()
-                        .anyRequest().authenticated()
+                        // TODO.impl: implement CAS authentication via Spring Security
+                        .anyRequest().permitAll()
+                        // .requestMatchers("/swagger-ui/**").permitAll()
+                        // .requestMatchers("/v3/api-docs/**").permitAll()
+                        // .requestMatchers("/actuator/**").permitAll()
+                        // .requestMatchers("/api/ping").permitAll()
+                        // .requestMatchers("/api/**").authenticated()
+                        //.anyRequest().denyAll()
                )
                .csrf(AbstractHttpConfigurer::disable)
                .build();
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -39,6 +39,7 @@ spring:

    data:
        rest:
+            # do NOT implicilty expose SpringData repositories as REST-controllers
            detection-strategy: annotated

    sql: