fix(backend): Arrange unit test and fix vulnerability

eclipse-tractusx · Feb 28, 2024 · 058910a · 058910a
1 parent 5943f7f
commit 058910a
Show file tree

Hide file tree

Showing 6 changed files with 249 additions and 239 deletions.
diff --git a/pom.xml b/pom.xml
@@ -264,11 +264,7 @@
                 <groupId>org.liquibase</groupId>
                 <artifactId>liquibase-maven-plugin</artifactId>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-help-plugin</artifactId>
-                <version>${maven-clean-plugin.version}</version>
-            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>

diff --git a/src/main/java/org/eclipse/tractusx/valueaddedservice/config/SecurityConfiguration.java b/src/main/java/org/eclipse/tractusx/valueaddedservice/config/SecurityConfiguration.java
@@ -24,8 +24,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -43,7 +42,6 @@ public class SecurityConfiguration  {
     @Bean
     @ConditionalOnProperty(prefix = "security", name = "enabled", havingValue = "true")
     public SecurityFilterChain securityFilterChain(final HttpSecurity httpSecurity) throws Exception {
-
         httpSecurity.cors(withDefaults())
                                 .authorizeHttpRequests((auth-> auth
                                         .requestMatchers("/error","/api/dashboard/**","/api/sharing/**","/api/edc/**")
@@ -69,23 +67,12 @@ public void addCorsMappings(CorsRegistry registry) {
         };
     }
 
-    @Bean
-    @ConditionalOnProperty(prefix = "security", name = "enabled", havingValue = "false")
-    public SecurityFilterChain securityFilterChainLocal(final HttpSecurity httpSecurity) throws Exception {
-
-        httpSecurity.cors(withDefaults())
-                .formLogin((AbstractHttpConfigurer::disable))
-                .httpBasic(AbstractHttpConfigurer::disable)
-                .logout(AbstractHttpConfigurer::disable)
-                .headers(headers->headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
-                .authorizeHttpRequests((auth-> auth
-                        .requestMatchers("/error","/api/**","/management/**","/v3/api-docs/**", "/swagger-ui.html", "/swagger-ui/**")
-                        .permitAll()
-                ));
 
 
-
-        return httpSecurity.build();
+    @Bean
+    @ConditionalOnProperty(prefix = "security", name = "enabled", havingValue = "false")
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring().requestMatchers("/**");
     }