closes #206, closes #183

Author: Alexander Furer

README.adoc

@@ -568,30 +568,26 @@ By following this approach you also decouple the transport layer and business lo
 GRPC security configuration follows the same principals and APIs as Spring WEB security configuration.
 
 ==== Default
+GRPC security is enabled by default if you have `org.springframework.security:spring-security-config`  dependency in your classpath.
 
-Defining bean with type `GrpcSecurityConfigurerAdapter` annotated with `@EnableGrpcSecurity` is sufficient to secure you GRPC services and/or methods :
+This default configuration secures GRPC methods/services annotated with `org.springframework.security.access.annotation.@Secured`  annotation. +
+Leaving  value of the annotation empty (`@Secured({})`) means : `authenticate` only, no authorization will be performed.
 
-[source,java]
-----
+If `JwtDecoder` bean exists in your context, it will also register `JwtAuthenticationProvider` to handle the validation of authentication claim.
 
-    @EnableGrpcSecurity
-    public class GrpcSecurityConfiguration extends GrpcSecurityConfigurerAdapter {
+`BasicAuthSchemeSelector` and `BearerTokenAuthSchemeSelector` are also automatically registered to support authentication with username/password and bearer token.
 
-    }
+By setting `grpc.security.auth.enabled` to `false`, GRPC security can be turned-off.
 
-----
+==== Custom
 
-This default configuration secures GRPC methods/services annotated with `org.springframework.security.access.annotation.@Secured`  annotation. +
-Leaving  value of the annotation empty (`@Secured({})`) means : `authenticate` only, no authorization will be performed. +
-If `JwtDecoder` bean exists in your context, it will also register `JwtAuthenticationProvider` to handle the validation of authentication claim.
+Customization of GRPC security configuration is done by extending `GrpcSecurityConfigurerAdapter` (Various configuration examples and test scenarios are link:grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/auth[here].)
 
-==== Custom
 
-Various configuration examples and test scenarios are link:grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/auth[here].
 
 [source,java]
 ----
-    @EnableGrpcSecurity
+    @Configuration
     public class GrpcSecurityConfiguration extends GrpcSecurityConfigurerAdapter {
         @Autowired
         private JwtDecoder jwtDecoder;
@@ -616,7 +612,7 @@ One is possible to plug in your own bespoke authentication provider by implement
 
 [source,java]
 ----
-@EnableGrpcSecurity
+@Configuration
     public class GrpcSecurityConfiguration extends GrpcSecurityConfigurerAdapter {
     @Override
         public void configure(GrpcSecurity builder) throws Exception {

grpc-spring-boot-starter-demo/build.gradle

@@ -51,6 +51,8 @@ configurations {
 dependencies {
 
     implementation "org.springframework.boot:spring-boot-starter-actuator"
+    implementation "io.micrometer:micrometer-registry-prometheus"
+
     implementation 'org.springframework.boot:spring-boot-starter-web'
 
     implementation "org.springframework.security:spring-security-config"

grpc-spring-boot-starter-demo/src/main/java/org/lognet/springboot/grpc/demo/SecuredGreeterService.java

@@ -11,6 +11,8 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 
+import java.util.Optional;
+
 @Slf4j
 @GRpcService(interceptors = { LogInterceptor.class })
 @Secured("SCOPE_profile")
@@ -29,7 +31,10 @@ public void sayAuthHello(Empty request, StreamObserver<GreeterOuterClass.HelloRe
 
     @Override
     public void sayAuthHello2(Empty request, StreamObserver<GreeterOuterClass.HelloReply> responseObserver) {
-        reply(GrpcSecurity.AUTHENTICATION_CONTEXT_KEY.get().getName(),responseObserver);
+        String userName = Optional.ofNullable(GrpcSecurity.AUTHENTICATION_CONTEXT_KEY.get())
+                .map(Authentication::getName)
+                .orElse("anonymous");
+        reply(userName,responseObserver);
     }
 
     private void reply(String userName,StreamObserver<GreeterOuterClass.HelloReply> responseObserver){

grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/CustomInterceptorsOrderTest.java

@@ -113,10 +113,7 @@ protected void afterGreeting() {
     }
 
     @TestConfiguration
-    static class TestCfg {
-
-        @EnableGrpcSecurity
-        public class DemoGrpcSecurityConfig extends GrpcSecurityConfigurerAdapter {
+    static class TestCfg  extends GrpcSecurityConfigurerAdapter {
 
 
             static final String pwd = "strongPassword1";
@@ -159,7 +156,7 @@ public boolean supports(Class<?> authentication) {
                         })
                         .userDetailsService(new InMemoryUserDetailsManager(user()));
             }
-        }
+
 
         @Bean
         @GRpcGlobalInterceptor
@@ -188,7 +185,7 @@ protected Channel getChannel() {
 
 
         final AuthClientInterceptor interceptor = new AuthClientInterceptor(AuthHeader.builder()
-                .basic(user.getUsername(), TestCfg.DemoGrpcSecurityConfig.pwd.getBytes())
+                .basic(user.getUsername(), TestCfg.pwd.getBytes())
         );
         return ClientInterceptors.intercept(super.getChannel(), interceptor);
     }

grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/DefaultGrpcPortTest.java

@@ -8,13 +8,15 @@
 import org.lognet.springboot.grpc.context.LocalRunningGrpcPort;
 import org.lognet.springboot.grpc.demo.DemoApp;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.NONE;
 
 @RunWith(SpringRunner.class)
 @SpringBootTest(classes = {DemoApp.class}, webEnvironment = NONE)
+@ActiveProfiles("disable-security")
 public class DefaultGrpcPortTest extends GrpcServerTestBase {
     @LocalRunningGrpcPort
     int runningPort;

grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/DemoAppTest.java

@@ -1,5 +1,7 @@
 package org.lognet.springboot.grpc;
 
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import io.grpc.ServerInterceptor;
 import io.grpc.examples.CalculatorGrpc;
 import io.grpc.examples.CalculatorOuterClass;
@@ -13,6 +15,10 @@
 import io.grpc.reflection.v1alpha.ServerReflectionResponse;
 import io.grpc.reflection.v1alpha.ServiceResponse;
 import io.grpc.stub.StreamObserver;
+import io.micrometer.core.instrument.Timer;
+import io.micrometer.prometheus.PrometheusConfig;
+import org.awaitility.Awaitility;
+import org.hamcrest.Matchers;
 import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.Test;
@@ -21,44 +27,67 @@
 import org.mockito.Mockito;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.system.OutputCaptureRule;
 import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
 
+import java.time.Duration;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.Spliterator;
+import java.util.Spliterators;
+import java.util.concurrent.Callable;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Stream;
+import java.util.stream.StreamSupport;
 
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.greaterThan;
+import static org.hamcrest.Matchers.notNullValue;
 import static org.junit.Assert.*;
 import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
  * Created by alexf on 28-Jan-16.
  */
 @RunWith(SpringRunner.class)
 @SpringBootTest(classes = {DemoApp.class, TestConfig.class}, webEnvironment = RANDOM_PORT
         , properties = {"grpc.enableReflection=true",
-        "grpc.port=0",
         "grpc.shutdownGrace=-1"
 })
-public class DemoAppTest extends GrpcServerTestBase{
+@ActiveProfiles({"disable-security", "measure"})
+
+public class DemoAppTest extends GrpcServerTestBase {
+
+    @Autowired
+    private PrometheusConfig prometheusConfig;
 
     @Autowired
     private TestRestTemplate restTemplate;
 
     @Rule
     public OutputCaptureRule outputCapture = new OutputCaptureRule();
 
+
     @Autowired
     @Qualifier("globalInterceptor")
-    private  ServerInterceptor globalInterceptor;
+    private ServerInterceptor globalInterceptor;
 
 
     @Test
@@ -79,7 +108,7 @@ public void interceptorsTest() throws ExecutionException, InterruptedException {
                 .get().getResult();
 
         // global interceptor should be invoked once on each service
-        Mockito.verify(globalInterceptor,Mockito.times(2)).interceptCall(Mockito.any(),Mockito.any(),Mockito.any());
+        Mockito.verify(globalInterceptor, Mockito.times(2)).interceptCall(Mockito.any(), Mockito.any(), Mockito.any());
 
 
         // log interceptor should be invoked only on GreeterService and not CalculatorService
@@ -90,15 +119,15 @@ public void interceptorsTest() throws ExecutionException, InterruptedException {
         outputCapture.expect(containsString("I'm not Spring bean interceptor and still being invoked..."));
     }
 
-        @Test
+    @Test
     public void actuatorTest() throws ExecutionException, InterruptedException {
-        ResponseEntity<String> response = restTemplate.getForEntity("/env", String.class);
+        ResponseEntity<String> response = restTemplate.getForEntity("/actuator/env", String.class);
         assertEquals(HttpStatus.OK, response.getStatusCode());
     }
 
 
     @Test
-    public void testDefaultConfigurer(){
+    public void testDefaultConfigurer() {
         Assert.assertEquals("Default configurer should be picked up",
                 context.getBean(GRpcServerBuilderConfigurer.class).getClass(),
                 GRpcServerBuilderConfigurer.class);
@@ -142,4 +171,33 @@ public void testHealthCheck() throws ExecutionException, InterruptedException {
         assertNotNull(servingStatus);
         assertEquals(servingStatus, HealthCheckResponse.ServingStatus.SERVING);
     }
+
+    @Override
+    protected void afterGreeting() throws Exception {
+
+
+        ResponseEntity<ObjectNode> metricsResponse = restTemplate.getForEntity("/actuator/metrics", ObjectNode.class);
+        assertEquals(HttpStatus.OK, metricsResponse.getStatusCode());
+        final String metricName = "grpc.server.calls";
+        final Optional<String> containsGrpcServerCallsMetric = StreamSupport.stream(Spliterators.spliteratorUnknownSize(metricsResponse.getBody().withArray("names")
+                .elements(), Spliterator.NONNULL), false)
+                .map(JsonNode::asText)
+                .filter(metricName::equals)
+                .findFirst();
+        assertThat("Should contain " + metricName,containsGrpcServerCallsMetric.isPresent());
+
+
+        Callable<Long> getPrometheusMetrics = () -> {
+            ResponseEntity<String> response = restTemplate.getForEntity("/actuator/prometheus", String.class);
+            assertEquals(HttpStatus.OK, response.getStatusCode());
+            return Stream.of(response.getBody().split(System.lineSeparator()))
+                    .filter(s -> s.contains(metricName.replace('.','_')))
+                    .count();
+        };
+
+        Awaitility
+                .waitAtMost(Duration.ofMillis(prometheusConfig.step().toMillis() * 2))
+                .until(getPrometheusMetrics,Matchers.greaterThan(0L));
+
+    }
 }

grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/DisabledGrpcServerTest.java

@@ -4,6 +4,7 @@
 import org.junit.runner.RunWith;
 import org.lognet.springboot.grpc.demo.DemoApp;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import static org.junit.Assert.assertNotNull;
@@ -17,6 +18,7 @@
 @SpringBootTest(classes = {DemoApp.class },webEnvironment = NONE
         ,properties = {"grpc.enabled=false","grpc.inProcessServerName=testServer","grpc.shutdownGrace=-1"}
 )
+@ActiveProfiles("disable-security")
 public class DisabledGrpcServerTest extends GrpcServerTestBase {
 
 

grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/EnvVarGrpcPortTest.java

@@ -9,13 +9,15 @@
 import org.lognet.springboot.grpc.context.LocalRunningGrpcPort;
 import org.lognet.springboot.grpc.demo.DemoApp;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.util.SocketUtils;
 
 import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.NONE;
 
 @RunWith(SpringRunner.class)
 @SpringBootTest(classes = {DemoApp.class}, webEnvironment = NONE)
+@ActiveProfiles("disable-security")
 public class EnvVarGrpcPortTest extends GrpcServerTestBase {
 
 

grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/GrpcBuggySecuritySettingsTest.java

@@ -16,7 +16,7 @@
 
 @RunWith(SpringRunnerWithGlobalExpectedExceptionInspected.class)
 @SpringBootTest(classes = {DemoApp.class}, webEnvironment = NONE)
-@ActiveProfiles("buggy-security")
+@ActiveProfiles({"buggy-transport-security","disable-security"})
 @ExpectedStartupExceptionWithInspector(GrpcBuggySecuritySettingsTest.ExceptionInspector.class)
 public class GrpcBuggySecuritySettingsTest extends GrpcServerTestBase {
     @Test

grpc-spring-boot-starter-demo/src/test/java/org/lognet/springboot/grpc/GrpcMeterTest.java

@@ -9,6 +9,7 @@
 import io.micrometer.core.instrument.Tag;
 import io.micrometer.core.instrument.Timer;
 import io.micrometer.core.instrument.simple.SimpleConfig;
+import io.micrometer.prometheus.PrometheusConfig;
 import org.awaitility.Awaitility;
 import org.junit.Before;
 import org.junit.runner.RunWith;
@@ -83,7 +84,7 @@ public Iterable<Tag> getTags(Status status, MethodDescriptor<?, ?> methodDescrip
     private int port;
 
     @Autowired
-    private SimpleConfig registryConfig;
+    private PrometheusConfig registryConfig;
 
     @Before
     public void setUp()  {