Merge pull request #282 from DP-3T/fix/security-config-for-v2

Remove unused path. Add path for v2

dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/config/MultipleJWTConfig.java

@@ -148,7 +148,7 @@ protected void configure(HttpSecurity http) throws Exception {
           .cors()
           .and()
           .authorizeRequests()
-          .antMatchers(HttpMethod.POST, "/v1/exposed", "/v1/exposedlist", "/v1/gaen/exposed")
+          .antMatchers(HttpMethod.POST, "/v1/gaen/exposed", "/v2/gaen/exposed")
           .authenticated()
           .anyRequest()
           .permitAll()

dpppt-backend-sdk/dpppt-backend-sdk-ws/src/test/java/org/dpppt/backend/sdk/ws/controller/GaenV2ControllerTest.java

@@ -78,6 +78,25 @@ public void testHello() throws Exception {
     assertEquals("Hello from DP3T WS GAEN V2", response.getContentAsString());
   }
 
+  @Test
+  public void testNoTokenFails() throws Exception {
+    var requestList = new GaenRequest();
+    List<GaenKey> exposedKeys = new ArrayList<GaenKey>();
+    requestList.setGaenKeys(exposedKeys);
+    MvcResult response =
+        mockMvc
+            .perform(
+                post("/v2/gaen/exposed")
+                    .contentType(MediaType.APPLICATION_JSON)
+                    .header("User-Agent", "MockMVC")
+                    .content(json(requestList)))
+            .andExpect(request().asyncNotStarted())
+            .andExpect(status().is(401))
+            .andReturn();
+    String authenticateError = response.getResponse().getHeader("www-authenticate");
+    assertTrue(authenticateError.contains("Bearer"));
+  }
+
   @Test
   public void testMalciousTokenFails() throws Exception {
     var requestList = new GaenRequest();