From cd36f4559d074b4f017625496989ddc502f133e8 Mon Sep 17 00:00:00 2001 From: Sander Verbruggen Date: Wed, 22 Nov 2023 15:01:44 +0100 Subject: [PATCH] FDP-94: Enable unauthorized access to actuator endpoints Signed-off-by: Sander Verbruggen --- .../configuration/SoapEndpointMapping.java | 7 ++++++- .../configuration/SecurityConfiguration.kt | 1 + application/src/main/resources/application-dev.yml | 12 +++++++++++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/application/src/main/java/org/gxf/soapbridge/application/configuration/SoapEndpointMapping.java b/application/src/main/java/org/gxf/soapbridge/application/configuration/SoapEndpointMapping.java index 81136a8..cdd5c6a 100644 --- a/application/src/main/java/org/gxf/soapbridge/application/configuration/SoapEndpointMapping.java +++ b/application/src/main/java/org/gxf/soapbridge/application/configuration/SoapEndpointMapping.java @@ -20,6 +20,11 @@ public SoapEndpointMapping(final SoapEndpoint soapEndpoint) { @Override protected Object getHandlerInternal(@NotNull final HttpServletRequest request) { - return soapEndpoint; + if (request.getServletPath().startsWith("/actuator")) { + // Let Spring handle this routing + return null; + } else { + return soapEndpoint; + } } } diff --git a/application/src/main/kotlin/org/gxf/soapbridge/configuration/SecurityConfiguration.kt b/application/src/main/kotlin/org/gxf/soapbridge/configuration/SecurityConfiguration.kt index 5a63b01..4f4eab4 100644 --- a/application/src/main/kotlin/org/gxf/soapbridge/configuration/SecurityConfiguration.kt +++ b/application/src/main/kotlin/org/gxf/soapbridge/configuration/SecurityConfiguration.kt @@ -18,6 +18,7 @@ class SecurityConfiguration { fun filterChain(http: HttpSecurity): SecurityFilterChain = http.authorizeHttpRequests { it + .requestMatchers("/actuator/**").permitAll() .anyRequest().authenticated() }.x509 { it 
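Review bot: The guard `request.getServletPath().startsWith("/actuator")` in getHandlerInternal is a bare prefix test, so any servlet path that merely begins with those characters (a constructed example: `/actuator-foo`) also gets `null` instead of the SOAP endpoint. The security rule added in SecurityConfiguration.kt matches `/actuator/**`, so the two checks do not agree. Anchoring on a path boundary keeps them in step: `final String path = request.getServletPath();` followed by `if (path.equals("/actuator") || path.startsWith("/actuator/")) {`. The literal also assumes the default actuator base path; a short comment noting that it must follow `management.endpoints.web.base-path` would prevent the mapping from silently drifting if that setting changes.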
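Review bot: `.requestMatchers("/actuator/**").permitAll()` in filterChain lets every actuator endpoint through without a client certificate in every profile, while the only exposure limit visible in this commit (`include: health`) lives in application-dev.yml. If another profile or a later change exposes more endpoints, they would be served unauthenticated as well. Scoping the rule to what is actually needed keeps the x509 requirement for everything else, for example `.requestMatchers("/actuator/health/**").permitAll()` or `.requestMatchers(EndpointRequest.to(HealthEndpoint::class.java)).permitAll()`. The filterChain body continues past the end of this hunk, so the x509 part was not reviewed.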
diff --git a/application/src/main/resources/application-dev.yml b/application/src/main/resources/application-dev.yml
index 427a305..59112eb 100644
--- a/application/src/main/resources/application-dev.yml
+++ b/application/src/main/resources/application-dev.yml
@@ -3,7 +3,6 @@ logging:
 org:
 gxf:
 soapbridge: DEBUG
-
 spring:
 kafka:
 bootstrap-servers: localhost:9092
@@ -46,3 +45,14 @@ soap:
 port: 443
 protocol: https
 time-out: 45
+
+management:
+ server:
+ port: 8888
+ # ssl:
+ # enabled: false
+ # client-auth: none
+ endpoints:
+ web:
+ exposure:
+ include: health
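Review bot: The new `management.server.port: 8888` block sets no `management.server.address`, so the management listener presumably binds to all interfaces, and with the `permitAll()` rule for `/actuator/**` it answers without authentication. For a dev profile, adding `address: 127.0.0.1` under `management.server` would keep it local. The commented-out `ssl` / `client-auth` lines leave it unclear whether port 8888 is meant to run with or without TLS and client certificates; either delete them or set the values explicitly with a one-line comment giving the reason. The exposure list is restricted to `health` only in this dev profile, so other profiles depend on their own settings or on the framework default.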