diff --git a/src/main/java/uk/gov/hmcts/ccd/auth/SecurityConfiguration.java b/src/main/java/uk/gov/hmcts/ccd/auth/SecurityConfiguration.java
index e49fe705..4b91c655 100644
--- a/src/main/java/uk/gov/hmcts/ccd/auth/SecurityConfiguration.java
+++ b/src/main/java/uk/gov/hmcts/ccd/auth/SecurityConfiguration.java
@@ -38,7 +38,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 "/health/readiness",
                 "/health/liveness",
                 "/status/health",
-                "/loggers/**",
                 "/error").permitAll()
             .anyRequest().authenticated())
         ;
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 998acf16..14cd4ecb 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -72,6 +72,8 @@ management:
     diskspace:
       enabled: true
   endpoint:
+    loggers:
+      enabled: false
     metrics:
       enabled: true
     cache:
diff --git a/src/test/java/uk/gov/hmcts/ccd/auth/SecurityConfigurationTest.java b/src/test/java/uk/gov/hmcts/ccd/auth/SecurityConfigurationTest.java
new file mode 100644
index 00000000..dafc7032
--- /dev/null
+++ b/src/test/java/uk/gov/hmcts/ccd/auth/SecurityConfigurationTest.java
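Review bot: The remaining permitAll list is now the only place that says which actuator paths are reachable without a service token, and nothing in the hunk records that this is deliberate; a comment above the first matcher, `// Only the health probes and /error are anonymous; every other endpoint (actuator included) falls through to authenticated()`, would stop the next person from re-adding a management path "because it's just monitoring". If `management.endpoints.web.exposure.include` elsewhere exposes endpoints such as env or heapdump, they are protected solely by the `anyRequest().authenticated()` fallback visible here, so that fallback must not be weakened. The `filterChain` method starts before this hunk and its opening matcher list is not visible.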
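Review bot: `management.endpoint.loggers.enabled: false` is the hard control here — it removes the endpoint bean, so it works even if someone later puts `/loggers/**` back in the security allowlist — and it deserves a why-comment so it is not flipped back on during a debugging session: `# loggers lets a caller change log levels at runtime; keep disabled, do not rely on the security allowlist alone`. If `management.endpoints.web.exposure.include` lists `loggers` elsewhere in this file (not visible in the hunk), that entry should be dropped too so the config is not self-contradictory. The indentation reconstructed above assumes `endpoint:` sits directly under `management:`, which the hunk header supports but does not prove.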
@@ -0,0 +1,69 @@
+package uk.gov.hmcts.ccd.auth;
+
+import jakarta.servlet.http.HttpServletResponse;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Import;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import uk.gov.hmcts.reform.auth.parser.idam.core.service.token.ServiceTokenParser;
+
+import java.util.List;
+
+import static org.mockito.Mockito.mock;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@WebMvcTest(controllers = SecurityConfigurationTest.TestEndpoints.class)
+@Import({SecurityConfiguration.class, SecurityConfigurationTest.SecurityTestConfig.class})
+class SecurityConfigurationTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Test
+    void shouldAllowAnonymousStatusHealthEndpoint() throws Exception {
+        mockMvc.perform(get("/status/health"))
+            .andExpect(status().isOk());
+    }
+
+    @Test
+    void shouldRejectAnonymousLoggerEndpoint() throws Exception {
+        mockMvc.perform(get("/loggers"))
+            .andExpect(status().is(HttpServletResponse.SC_FORBIDDEN));
+    }
+
+    @TestConfiguration
+    static class SecurityTestConfig {
+
+        @Bean
+        AuthCheckerFilter authCheckerFilter() {
+            ServiceTokenParser serviceTokenParser = mock(ServiceTokenParser.class);
+            AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
+            AuthCheckerFilter filter = new AuthCheckerFilter(serviceTokenParser, authenticationManager);
+            ReflectionTestUtils.setField(filter, "authorisedSServices", List.of("ccd_data"));
+            return filter;
+        }
+    }
+
+    @RestController
+    public static class TestEndpoints {
+
+        @GetMapping("/status/health")
+        public ResponseEntity statusHealth() {
+            return ResponseEntity.ok().build();
+        }
+
+        @GetMapping("/loggers")
+        public ResponseEntity loggers() {
+            return ResponseEntity.ok().build();
+        }
+    }
+}
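Review bot: `shouldRejectAnonymousLoggerEndpoint` only exercises `GET /loggers`, but the pattern the commit removes is `/loggers/**`, and the sub-paths (`/loggers/{name}`) are the ones used to read and change a log level, so the test would still pass if a narrower `/loggers/*` were re-added to `permitAll()`; add a second assertion on a sub-path, `mockMvc.perform(get("/loggers/uk.gov.hmcts")).andExpect(status().is(HttpServletResponse.SC_FORBIDDEN));`, which needs no extra controller mapping because the filter chain rejects before dispatch. The two `ResponseEntity` return types in `TestEndpoints` are raw; `ResponseEntity<Void>` says the same thing without the raw-type warning. `ReflectionTestUtils.setField(filter, "authorisedSServices", ...)` ties the test to a private field name in `AuthCheckerFilter` (not visible here), so a rename there will fail this test at runtime rather than compile time; a one-line comment naming that dependency, `// must match the private field in AuthCheckerFilter`, would at least make the failure explicable.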