From c0dbfbc9c6268d8a8bea989daffb3a5065e820aa Mon Sep 17 00:00:00 2001
From: "Lott, Christopher (cl778h)" <cl778h@att.com>
Date: Wed, 7 Aug 2019 07:47:56 -0400
Subject: [PATCH] Open all swagger-requested endpoints

Avoid the basic HTTP auth sign-in challenge when testing locally

Change-Id: I1f009f896cb387178d1dd5c43d621d3a2eaeb1eb
Signed-off-by: Lott, Christopher (cl778h) <cl778h@att.com>
---
 docs/release-notes.rst                                              | 4 ++--
 webapp-backend/pom.xml                                              | 4 ++--
 .../ric/portal/dashboard/config/WebSecurityConfiguration.java       | 2 +-
 .../org/oransc/ric/portal/dashboard/controller/AdminController.java | 6 ++++--
 .../ric/portal/dashboard/config/WebSecurityMockConfiguration.java   | 1 +
 5 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 598daf64..42e83089 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -20,8 +20,8 @@
 RIC Dashboard Release Notes
 ===========================
 
-Version 1.2.0, 31 July 2019
----------------------------
+Version 1.2.0, 7 Aug 2019
+-------------------------
 * Split URL properties into prefix/suffix parts
 * Add jacoco plugin to back-end for code coverage
 * Compile with Java version 11, run with image openjdk:11
diff --git a/webapp-backend/pom.xml b/webapp-backend/pom.xml
index a7ee92ba..f093d0e2 100644
--- a/webapp-backend/pom.xml
+++ b/webapp-backend/pom.xml
@@ -298,11 +298,11 @@ limitations under the License.
 									<!-- Include maven dir on classpath for prop files -->
 									<exec>
 										<arg>java</arg>
+										<arg>-Xms128m</arg>
+										<arg>-Xmx256m</arg>
 										<arg>-cp</arg>
 										<arg>maven:maven/${project.artifactId}-${project.version}.${project.packaging}</arg>
 										<arg>-Dloader.main=org.oransc.ric.portal.dashboard.DashboardApplication</arg>
-										<arg>-Xms128m</arg>
-										<arg>-Xmx256m</arg>
 										<arg>-Djava.security.egd=file:/dev/./urandom</arg>
 										<arg>org.springframework.boot.loader.PropertiesLauncher</arg>
 									</exec>
diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
index 9357a1cf..44297016 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
@@ -73,7 +73,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 	private String userCookie;
 
 	protected void configure(HttpSecurity http) throws Exception {
-		logger.debug("configure");
+		logger.debug("configure: portalapi.username {}", userName);
 		// A chain of ".and()" always baffles me
 		http.authorizeRequests().anyRequest().authenticated();
 		// http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AdminController.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AdminController.java
index 6f282543..262f999f 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AdminController.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AdminController.java
@@ -69,7 +69,8 @@ public class AdminController {
 	@GetMapping(VERSION_METHOD)
 	// No role required
 	public SuccessTransport getVersion() {
-		logger.debug("getVersion");
+		// These endpoints are invoked repeatedly by K8S
+		logger.trace("getVersion");
 		return new SuccessTransport(200,
 				DashboardApplication.getImplementationVersion(MethodHandles.lookup().lookupClass()));
 	}
@@ -78,7 +79,8 @@ public class AdminController {
 	@GetMapping(HEALTH_METHOD)
 	// No role required
 	public SuccessTransport getHealth() {
-		logger.debug("getHealth");
+		// These endpoints are invoked repeatedly by K8S
+		logger.trace("getHealth");
 		return new SuccessTransport(200, "Dashboard is healthy!");
 	}
 
diff --git a/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/config/WebSecurityMockConfiguration.java b/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/config/WebSecurityMockConfiguration.java
index c17baefd..cc9a3088 100644
--- a/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/config/WebSecurityMockConfiguration.java
+++ b/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/config/WebSecurityMockConfiguration.java
@@ -104,6 +104,7 @@ public class WebSecurityMockConfiguration extends WebSecurityConfigurerAdapter {
 	public void configure(WebSecurity web) throws Exception {
 		// This disables Spring security, but not the app's filter.
 		web.ignoring().antMatchers(WebSecurityConfiguration.OPEN_PATHS);
+		web.ignoring().antMatchers("/", "/csrf"); // allow swagger-ui to load
 	}
 
 	@Bean
-- 
2.16.6