Exclude swagger and h2 console from required authorization. Provide a dev profile with disabled security. Provide a starter script.

Konstantin Pankratov · Konstantin Pankratov · commit 8f880e8e8639 · 2025-03-09T21:31:00.000+01:00
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,23 +1,19 @@
-networks:
-  virt_container_net:
-    driver: bridge
-    enable_ipv6: true
-
 services:
-  keycloak_web:
+  keycloak_web1:
     image: keycloak/keycloak:latest
-    container_name: kc-web
+    container_name: kc-web1
     environment:
       KC_DB: postgres
-      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
+      KC_DB_URL: jdbc:postgresql://keycloakdb1:5432/keycloak
       KC_DB_USERNAME: ${KC_DB_USERNAME}
       KC_DB_PASSWORD: ${KC_DB_PASSWORD}
 
       KEYCLOAK_ADMIN: ${KC_DB_USERNAME}
-      KEYCLOAK_ADMIN_PASSWORD: ${KC_DB_PASSWORD}
+      KEYCLOAK_ADMIN_PASSWORD: pass
+
 
       KC_HOSTNAME: localhost
-      KC_HOSTNAME_PORT: 1314
+      KC_HOSTNAME_PORT: 8080
       KC_HOSTNAME_STRICT: 'false'
       KC_HOSTNAME_STRICT_HTTPS: 'false'
       KC_LOG_LEVEL: debug
@@ -26,48 +22,32 @@ services:
       KC_HEALTH_ENABLED: 'true'
       KC_PROXY: edge
       KC_PROXY_HEADERS: forwarded
-      KC_HTTP_RELATIVE_PATH: "/auth"
     command: start-dev
     depends_on:
-      - postgres
+      - keycloakdb1
     ports:
-      - '7070:1314'
-    networks:
-      - virt_container_net
-  ######################################################
-  postgres:
+      - '7070:8080'
+######################################################
+  keycloakdb1:
     image: postgres:15
     volumes:
-      - ./postgres_data:/var/lib/postgresql/data
-      - ./init-db:/docker-entrypoint-initdb.d
+      - postgres_data:/var/lib/postgresql/data
     environment:
       POSTGRES_DB: keycloak
       POSTGRES_USER: ${KC_DB_USERNAME}
       POSTGRES_PASSWORD: ${KC_DB_PASSWORD}
-    networks:
-      - virt_container_net
-  ######################################################
-  spring:
-    build:
-      context: .
-      dockerfile: Dockerfile
-    # image: panderu/study-buddies-backend:latest
-    container_name: spring-backend
-    ports:
-      - "1516:8080"
-    depends_on:
-      - keycloak_web
-    networks:
-      - virt_container_net
-  ######################################################
-  nginx:
-    image: nginx:latest
-    network_mode: host
     ports:
-      - 80:80
-      - 443:443
-    restart: always
-    depends_on:
-      - spring
-    volumes:
-      - ./nginx/conf/:/etc/nginx/conf.d/:ro
+      - '5432:5432'
+ #spring:
+ #  build:
+ #    context: .
+ #    dockerfile: Dockerfile
+ #  # image: panderu/study-buddies-backend:latest
+ #  container_name: spring-backend
+ #  ports:
+ #    - "1516:8080"
+ #  depends_on:
+ #    - keycloak_web
+######################################################
+volumes:
+  postgres_data:
diff --git a/server/src/main/java/com/studybuddies/server/configuration/DevConfig.java b/server/src/main/java/com/studybuddies/server/configuration/DevConfig.java
@@ -0,0 +1,21 @@
+package com.studybuddies.server.configuration;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.CorsConfigurer;
+import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Profile("dev")
+@Configuration
+@EnableWebSecurity
+public class DevConfig {
+  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
+    http.csrf(CsrfConfigurer::disable);
+    http.cors(CorsConfigurer::disable);
+    return http.build();
+  }
+}
diff --git a/server/src/main/java/com/studybuddies/server/configuration/DevProfileListener.java b/server/src/main/java/com/studybuddies/server/configuration/DevProfileListener.java
@@ -0,0 +1,18 @@
+package com.studybuddies.server.configuration;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.context.event.ApplicationReadyEvent;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Slf4j
+@Profile("dev")
+public class DevProfileListener implements ApplicationListener<ApplicationReadyEvent> {
+
+  @Override
+  public void onApplicationEvent(ApplicationReadyEvent e) {
+    log.warn("WARNING: Dev profile is active. All authorization mechanisms will be disabled.");
+  }
+}
diff --git a/server/src/main/java/com/studybuddies/server/configuration/SecurityConfig.java b/server/src/main/java/com/studybuddies/server/configuration/SecurityConfig.java
@@ -1,6 +1,6 @@
 package com.studybuddies.server.configuration;
 
-import org.springframework.beans.factory.annotation.Autowired;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@@ -9,16 +9,22 @@
 
 @Configuration
 @EnableMethodSecurity
+@RequiredArgsConstructor
 public class SecurityConfig {
 
-  @Autowired
   JwtAuthConverter jwtAuthConverter;
 
   @Bean
   public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
     http.
-            authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
-            .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthConverter)));
+        authorizeHttpRequests(auth ->
+            auth.requestMatchers("/swagger-ui/**", "/h2-console/**", "/api-docs/**", "/v3/**").permitAll()
+        )
+        .oauth2ResourceServer(oauth2 ->
+            oauth2.jwt(jwt ->
+                jwt.jwtAuthenticationConverter(jwtAuthConverter)
+            )
+        );
     return http.build();
   }
 }
diff --git a/server/src/main/resources/application-dev.yml b/server/src/main/resources/application-dev.yml
@@ -0,0 +1,19 @@
+server:
+    port: 8080
+spring:
+    application:
+        name: server
+    datasource:
+        url: jdbc:h2:file:./data/demo
+        username: sa
+        password: password
+        driverClassName: org.h2.Driver
+    jpa:
+        database-platform: org.hibernate.dialect.H2Dialect
+        show-sql: true
+        hibernate:
+            ddl-auto: update
+    h2:
+        console.enabled: true
+springdoc:
+    swagger-ui.path: /api-docs
diff --git a/server/starter b/server/starter
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+  echo "No profile provided. Please enter the profile to use:"
+  read profile
+else
+  profile=$1
+fi
+
+mvn spring-boot:run -Dspring-boot.run.profiles=$profile
