Open all swagger-requested endpoints

Avoid the basic HTTP auth sign-in challenge when testing locally

Change-Id: I1f009f896cb387178d1dd5c43d621d3a2eaeb1eb
Signed-off-by: Lott, Christopher (cl778h) <cl778h@att.com>

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 598daf6..42e8308 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -20,8 +20,8 @@
 RIC Dashboard Release Notes
 ===========================
 
-Version 1.2.0, 31 July 2019
----------------------------
+Version 1.2.0, 7 Aug 2019
+-------------------------
 * Split URL properties into prefix/suffix parts
 * Add jacoco plugin to back-end for code coverage
 * Compile with Java version 11, run with image openjdk:11

diff --git a/webapp-backend/pom.xml b/webapp-backend/pom.xml
index a7ee92b..f093d0e 100644 (file)
--- a/webapp-backend/pom.xml
+++ b/webapp-backend/pom.xml
@@ -298,11 +298,11 @@ limitations under the License.
                                                                        <!-- Include maven dir on classpath for prop files -->
                                                                        <exec>
                                                                                <arg>java</arg>
+                                                                               <arg>-Xms128m</arg>
+                                                                               <arg>-Xmx256m</arg>
                                                                                <arg>-cp</arg>
                                                                                <arg>maven:maven/${project.artifactId}-${project.version}.${project.packaging}</arg>
                                                                                <arg>-Dloader.main=org.oransc.ric.portal.dashboard.DashboardApplication</arg>
-                                                                               <arg>-Xms128m</arg>
-                                                                               <arg>-Xmx256m</arg>
                                                                                <arg>-Djava.security.egd=file:/dev/./urandom</arg>
                                                                                <arg>org.springframework.boot.loader.PropertiesLauncher</arg>
                                                                        </exec>

diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
index 9357a1c..4429701 100644 (file)
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
@@ -73,7 +73,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        private String userCookie;
 
        protected void configure(HttpSecurity http) throws Exception {
-               logger.debug("configure");
+               logger.debug("configure: portalapi.username {}", userName);
                // A chain of ".and()" always baffles me
                http.authorizeRequests().anyRequest().authenticated();
                // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AdminController.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AdminController.java
index 6f28254..262f999 100644 (file)
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AdminController.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AdminController.java
@@ -69,7 +69,8 @@ public class AdminController {
        @GetMapping(VERSION_METHOD)
        // No role required
        public SuccessTransport getVersion() {
-               logger.debug("getVersion");
+               // These endpoints are invoked repeatedly by K8S
+               logger.trace("getVersion");
                return new SuccessTransport(200,
                                DashboardApplication.getImplementationVersion(MethodHandles.lookup().lookupClass()));
        }
@@ -78,7 +79,8 @@ public class AdminController {
        @GetMapping(HEALTH_METHOD)
        // No role required
        public SuccessTransport getHealth() {
-               logger.debug("getHealth");
+               // These endpoints are invoked repeatedly by K8S
+               logger.trace("getHealth");
                return new SuccessTransport(200, "Dashboard is healthy!");
        }
 

diff --git a/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/config/WebSecurityMockConfiguration.java b/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/config/WebSecurityMockConfiguration.java
index c17baef..cc9a308 100644 (file)
--- a/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/config/WebSecurityMockConfiguration.java
+++ b/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/config/WebSecurityMockConfiguration.java
@@ -104,6 +104,7 @@ public class WebSecurityMockConfiguration extends WebSecurityConfigurerAdapter {
        public void configure(WebSecurity web) throws Exception {
                // This disables Spring security, but not the app's filter.
                web.ignoring().antMatchers(WebSecurityConfiguration.OPEN_PATHS);
+               web.ignoring().antMatchers("/", "/csrf"); // allow swagger-ui to load
        }
 
        @Bean