remove-f-webflux-and-reactive-programming

admin-service/src/main/kotlin/com/michibaum/admin_service/security/SecurityConfiguration.kt

@@ -23,11 +23,8 @@ class SecurityConfiguration {
     ): SecurityFilterChain {
         return http
             .authorizeHttpRequests {
-                it.requestMatchers(
-                    "/actuator",
-                    "/actuator/**"
-                ).hasAnyAuthority(Permissions.ADMIN_SERVICE.name)
-                .anyRequest().authenticated()
+                it.anyRequest()
+                    .hasAnyAuthority(Permissions.ADMIN_SERVICE.name)
             }
             .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
             .httpBasic { httpBasicSpec -> httpBasicSpec.disable() }

admin-service/src/main/resources/application.yml

@@ -72,4 +72,19 @@ management:
       enabled: true
   info:
     git:
-      mode: full
+      mode: full
+      enabled: true
+    build:
+      enabled: true
+    defaults:
+      enabled: true
+    env:
+      enabled: true
+    java:
+      enabled: true
+    os:
+      enabled: true
+    process:
+      enabled: true
+    ssl:
+      enabled: true

admin-service/src/test/kotlin/com/michibaum/admin_service/ActuatorIT.kt

@@ -1,10 +1,13 @@
 package com.michibaum.admin_service
 
-import org.junit.jupiter.api.Test
+import org.junit.jupiter.params.ParameterizedTest
+import org.junit.jupiter.params.provider.ValueSource
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
 import org.springframework.boot.test.context.SpringBootTest
-import org.springframework.test.web.reactive.server.WebTestClient
+import org.springframework.test.web.servlet.MockMvc
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
 import java.util.*
 
 @AutoConfigureMockMvc
@@ -15,102 +18,34 @@ import java.util.*
 class ActuatorIT {
 
     @Autowired
-    lateinit var webClient: WebTestClient
+    lateinit var mockMvc: MockMvc
 
-    @Test
-    fun `actuator without authentication returns 401`(){
+    @ParameterizedTest
+    @ValueSource(strings = ["/actuator", "/actuator/health", "/actuator/info"])
+    fun `actuator endpoints return 401`(endpoint: String){
         // GIVEN
 
         // WHEN
-        webClient.get()
-            .uri("/actuator")
-            .exchange()
-            .expectStatus()
-            .isUnauthorized
+        mockMvc.perform(get(endpoint))
+            .andExpect(status().isUnauthorized)
 
         // THEN
 
     }
 
-    @Test
-    fun `actuator health without authentication returns 401`(){
-        // GIVEN
-
-        // WHEN
-        webClient.get()
-            .uri("/actuator/health")
-            .exchange()
-            .expectStatus()
-            .isUnauthorized
-
-        // THEN
-
-    }
-
-    @Test
-    fun `actuator info without authentication returns 401`(){
-        // GIVEN
-
-        // WHEN
-        webClient.get()
-            .uri("/actuator/info")
-            .exchange()
-            .expectStatus()
-            .isUnauthorized
-
-        // THEN
-
-    }
-
-    @Test
-    fun `actuator with authentication returns 200`(){
-        // GIVEN
-        val basicAuth = "someUsername:somePasswööörd"
-        val basicAuthEncoded = Base64.getEncoder().encodeToString(basicAuth.toByteArray())
-
-        // WHEN
-        webClient.get()
-            .uri("/actuator")
-            .headers { it.setBasicAuth(basicAuthEncoded) }
-            .exchange()
-            .expectStatus()
-            .isOk // TODO returns 302 redirect to / because of success authentication
-
-        // THEN
-
-    }
-
-    @Test
-    fun `actuator health with authentication returns 200`(){
-        // GIVEN
-        val basicAuth = "someUsername:somePasswööörd"
-        val basicAuthEncoded = Base64.getEncoder().encodeToString(basicAuth.toByteArray())
-
-        // WHEN
-        webClient.get()
-            .uri("/actuator/health")
-            .headers { it.setBasicAuth(basicAuthEncoded) }
-            .exchange()
-            .expectStatus()
-            .isOk // TODO returns 302 redirect to / because of success authentication
-
-        // THEN
-
-    }
-
-    @Test
-    fun `actuator info with authentication returns 200`(){
+    @ParameterizedTest
+    @ValueSource(strings = ["/actuator", "/actuator/health", "/actuator/info"])
+    fun `actuator endpoints with basic authentication return 200`(endpoint: String){
         // GIVEN
         val basicAuth = "someUsername:somePasswööörd"
         val basicAuthEncoded = Base64.getEncoder().encodeToString(basicAuth.toByteArray())
 
         // WHEN
-        webClient.get()
-            .uri("/actuator/info")
-            .headers { it.setBasicAuth(basicAuthEncoded) }
-            .exchange()
-            .expectStatus()
-            .isOk // TODO returns 302 redirect to / because of success authentication
+        mockMvc.perform(
+            get(endpoint)
+                .header("Authorization", "Basic $basicAuthEncoded")
+        )
+            .andExpect(status().isOk)
 
         // THEN
 

admin-service/src/test/resources/application.yml

@@ -69,4 +69,19 @@ management:
       enabled: true
   info:
     git:
-      mode: full
+      mode: full
+      enabled: true
+    build:
+      enabled: true
+    defaults:
+      enabled: true
+    env:
+      enabled: true
+    java:
+      enabled: true
+    os:
+      enabled: true
+    process:
+      enabled: true
+    ssl:
+      enabled: true

authentication-library/src/main/kotlin/com/michibaum/authentication_library/security/ServletDelegateAuthenticationManager.kt

@@ -1,6 +1,7 @@
 package com.michibaum.authentication_library.security
 
 import org.springframework.security.authentication.AuthenticationManager
+import org.springframework.security.authentication.BadCredentialsException
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.context.SecurityContextHolder
 
@@ -10,14 +11,21 @@ class ServletDelegateAuthenticationManager(private val authenticationManagers: L
             throw Exception("Empty authentication")
         }
 
+        val auths = mutableListOf<Authentication>()
         for(authManager in authenticationManagers){
             if(authManager.supports(authentication.javaClass)){
-                val auth =  authManager.authenticate(authentication) ?: throw Exception("Empty authentication")
-                SecurityContextHolder.getContext().authentication = auth
-                return auth
+                val auth = authManager.authenticate(authentication) ?: continue
+                auths.add(auth)
             }
         }
 
-        throw NoAuthenticationManagerException("No authentication Manager found for ${authentication::class}")
+        val authenticated = auths.filter { it.isAuthenticated }
+
+        if(authenticated.size > 1 || authenticated.isEmpty()) {
+            throw BadCredentialsException("More than one, or none authentication was authenticated.")
+        }
+
+        SecurityContextHolder.getContext().authentication = authenticated[0]
+        return authenticated[0]
     }
 }