feat(fullstack): Add server health check with overlay

2025-09-05 15:24:51 +02:00
parent 6090d543c1
commit 79c0734bd2
10 changed files with 201 additions and 8 deletions
--- a/legalconsenthub-backend/build.gradle
+++ b/legalconsenthub-backend/build.gradle
@@ -42,6 +42,7 @@ dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation "com.openhtmltopdf:openhtmltopdf-core:$openHtmlVersion"
    implementation "com.openhtmltopdf:openhtmltopdf-pdfbox:$openHtmlVersion"
    implementation "com.openhtmltopdf:openhtmltopdf-java2d:$openHtmlVersion"
--- a/legalconsenthub-backend/src/main/kotlin/com/betriebsratkanzlei/legalconsenthub/config/SecurityConfig.kt
+++ b/legalconsenthub-backend/src/main/kotlin/com/betriebsratkanzlei/legalconsenthub/config/SecurityConfig.kt
@@ -2,6 +2,7 @@ package com.betriebsratkanzlei.legalconsenthub.config

 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.core.annotation.Order
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.annotation.web.invoke
@@ -16,24 +17,38 @@ import org.springframework.http.HttpMethod
 class SecurityConfig {

    @Bean
-    fun securityFilterChain(
+    @Order(1)
+    fun publicApiSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        http {
+            securityMatcher("/swagger-ui/**", "/v3/**", "/actuator/**", "/users")
+            csrf { disable() }
+            authorizeHttpRequests {
+                authorize("/swagger-ui/**", permitAll)
+                authorize("/v3/**", permitAll)
+                authorize("/actuator/**", permitAll)
+                // For user registration
+                authorize(HttpMethod.POST, "/users", permitAll)
+                authorize(anyRequest, denyAll)
+            }
+        }
+        return http.build()
+    }
+
+    @Bean
+    @Order(2)
+    fun protectedApiSecurityFilterChain(
        http: HttpSecurity,
        customJwtAuthenticationConverter: CustomJwtAuthenticationConverter
    ): SecurityFilterChain {
        http {
            csrf { disable() }
            authorizeHttpRequests {
-                authorize("/swagger-ui/**", permitAll)
-                authorize("/v3/**", permitAll)
-                // For user registration
-                authorize(HttpMethod.POST, "/users", permitAll)
                authorize(anyRequest, authenticated)
            }
            oauth2ResourceServer {
                jwt { jwtAuthenticationConverter = customJwtAuthenticationConverter }
            }
        }
-
        return http.build()
    }