enable spring security for all profiles

goekay · goekay · commit ae47c8413fe7 · 2024-08-15T07:53:50.000+02:00
reason: so far, spring security was enabled only for prod profile. the tests were running
with test profile. therefore, any security-related issue/regression was not detected.
diff --git a/src/main/java/de/rwth/idsg/steve/Application.java b/src/main/java/de/rwth/idsg/steve/Application.java
@@ -46,9 +46,9 @@ public Application() {
 
         switch (sc.getProfile()) {
             case DEV:
+            case TEST:
                 delegate = new SteveDevStarter();
                 break;
-            case TEST:
             case PROD:
                 delegate = new SteveProdStarter();
                 break;
diff --git a/src/main/java/de/rwth/idsg/steve/SteveAppContext.java b/src/main/java/de/rwth/idsg/steve/SteveAppContext.java
@@ -110,15 +110,13 @@ private WebAppContext initWebApp() {
         ctx.addServlet(web, CONFIG.getSpringMapping());
         ctx.addServlet(cxf, CONFIG.getCxfMapping() + "/*");
 
-        if (CONFIG.getProfile().isProd()) {
-            // If PROD, add security filter
-            ctx.addFilter(
-                // The bean name is not arbitrary, but is as expected by Spring
-                new FilterHolder(new DelegatingFilterProxy(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)),
-                CONFIG.getSpringMapping() + "*",
-                EnumSet.allOf(DispatcherType.class)
-            );
-        }
+        // add spring security
+        ctx.addFilter(
+            // The bean name is not arbitrary, but is as expected by Spring
+            new FilterHolder(new DelegatingFilterProxy(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)),
+            CONFIG.getSpringMapping() + "*",
+            EnumSet.allOf(DispatcherType.class)
+        );
 
         initJSP(ctx);
         return ctx;
diff --git a/src/main/java/de/rwth/idsg/steve/config/SecurityConfiguration.java b/src/main/java/de/rwth/idsg/steve/config/SecurityConfiguration.java
@@ -20,12 +20,9 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
-import de.rwth.idsg.steve.SteveProdCondition;
 import de.rwth.idsg.steve.web.api.ApiControllerAdvice;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
@@ -34,7 +31,6 @@
 import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -52,6 +48,7 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+
 import java.io.IOException;
 
 import static de.rwth.idsg.steve.SteveConfiguration.CONFIG;
@@ -63,7 +60,6 @@
 @Slf4j
 @Configuration
 @EnableWebSecurity
-@Conditional(SteveProdCondition.class)
 public class SecurityConfiguration {
 
     /**
