feat(SecurityConfig): configure Swagger API-Key usage globally

eclipse-tractusx · Feb 17, 2024 · c63f24e · c63f24e
1 parent 753580c
commit c63f24e
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 10 deletions.
diff --git a/backend/src/main/java/org/eclipse/tractusx/puris/backend/common/security/SecurityConfig.java b/backend/src/main/java/org/eclipse/tractusx/puris/backend/common/security/SecurityConfig.java
@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2023, 2024 Volkswagen AG
- * Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
+ * Copyright (c) 2023-2024 Volkswagen AG
+ * Copyright (c) 2023-2024 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -20,6 +20,12 @@
 package org.eclipse.tractusx.puris.backend.common.security;
 
 
+import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
+import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
 import jakarta.servlet.DispatcherType;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -43,8 +49,12 @@
 @EnableWebSecurity
 @AllArgsConstructor
 @Slf4j
+@SecurityScheme(type = SecuritySchemeType.APIKEY, name = SecurityConfig.API_KEY_HEADER_NAME, in = SecuritySchemeIn.HEADER)
+@OpenAPIDefinition(info = @Info(title = "PURIS FOSS Open API", version = "1.0.0"), security = {@SecurityRequirement(name = "X-API-KEY")})
 public class SecurityConfig {
 
+    public static final String API_KEY_HEADER_NAME = "X-API-KEY";
+
     private final ApiKeyAuthenticationFilter apiKeyAuthenticationFilter;
 
     @Bean
@@ -69,7 +79,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
             .authorizeHttpRequests(
                 // any request in spring context
                 (authorizeHttpRequests) -> authorizeHttpRequests
-                    .requestMatchers("/stockView/**", "/partners/**",  "/materials/**", "/materialpartnerrelations/**", "/item-stock/**", "/edrendpoint/**", "/edc/**").authenticated()
+                    .requestMatchers("/stockView/**", "/partners/**", "/materials/**", "/materialpartnerrelations/**", "/item-stock/**", "/edrendpoint/**", "/edc/**").authenticated()
                     .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/health/**").permitAll()
                     .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
             )

diff --git a/.../org/eclipse/tractusx/puris/backend/common/security/logic/ApiKeyAuthenticationFilter.java b/.../org/eclipse/tractusx/puris/backend/common/security/logic/ApiKeyAuthenticationFilter.java
@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2023 Volkswagen AG
- * Copyright (c) 2023 Contributors to the Eclipse Foundation
+ * Copyright (c) 2023-2024 Volkswagen AG
+ * Copyright (c) 2023-2024 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -24,7 +24,9 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.AllArgsConstructor;
+import org.eclipse.tractusx.puris.backend.common.security.SecurityConfig;
 import org.eclipse.tractusx.puris.backend.common.security.domain.ApiKeyAuthentication;
+import org.jetbrains.annotations.NotNull;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -39,18 +41,18 @@
 @AllArgsConstructor
 public class ApiKeyAuthenticationFilter extends OncePerRequestFilter {
 
-    public final String API_KEY_HEADER = "X-API-KEY";
     private final ApiKeyAuthenticationProvider apiKeyAuthenticationProvider;
+
     @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
-        String headerKey = request.getHeader(API_KEY_HEADER);
+    protected void doFilterInternal(HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) throws ServletException, IOException {
+        String headerKey = request.getHeader(SecurityConfig.API_KEY_HEADER_NAME);
 
-        if (headerKey != null){
+        if (headerKey != null) {
             ApiKeyAuthentication apiKeyAuthentication = new ApiKeyAuthentication(headerKey, false);
             Authentication authenticatedObject = apiKeyAuthenticationProvider.authenticate(apiKeyAuthentication);
             SecurityContextHolder.getContext().setAuthentication(authenticatedObject);
         }
 
-        filterChain.doFilter(request,response);
+        filterChain.doFilter(request, response);
     }
 }