diff --git a/pom.xml b/pom.xml
index b98eccd5..11ba712d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -271,7 +271,6 @@
jna
5.8.0
-
org.mockito
mockito-core
@@ -290,6 +289,11 @@
1.16.0
provided
+
+ org.springdoc
+ springdoc-openapi-ui
+ 1.8.0
+
diff --git a/src/main/java/it/gov/pagopa/cgn/portal/CGNOnboardingPortal.java b/src/main/java/it/gov/pagopa/cgn/portal/CGNOnboardingPortal.java
index 76e9cd42..cc76fca2 100644
--- a/src/main/java/it/gov/pagopa/cgn/portal/CGNOnboardingPortal.java
+++ b/src/main/java/it/gov/pagopa/cgn/portal/CGNOnboardingPortal.java
@@ -1,7 +1,13 @@
package it.gov.pagopa.cgn.portal;
+import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Profile;
+
+import java.util.Arrays;
@SpringBootApplication
public class CGNOnboardingPortal {
@@ -10,4 +16,12 @@ public static void main(String[] args) {
SpringApplication.run(CGNOnboardingPortal.class, args);
}
+ @Bean
+ @Profile("dev")
+ public CommandLineRunner printBeans(ApplicationContext ctx) {
+ return args -> {
+ System.out.println("Registered beans:");
+ Arrays.stream(ctx.getBeanDefinitionNames()).sorted().forEach(System.out::println);
+ };
+ }
}
\ No newline at end of file
diff --git a/src/main/java/it/gov/pagopa/cgn/portal/config/OpenAPIConfig.java b/src/main/java/it/gov/pagopa/cgn/portal/config/OpenAPIConfig.java
new file mode 100644
index 00000000..40bbeea4
--- /dev/null
+++ b/src/main/java/it/gov/pagopa/cgn/portal/config/OpenAPIConfig.java
@@ -0,0 +1,39 @@
+package it.gov.pagopa.cgn.portal.config;
+
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
+import io.swagger.v3.oas.models.security.SecurityScheme;
+import io.swagger.v3.oas.models.security.SecurityScheme.In;
+import io.swagger.v3.oas.models.security.SecurityScheme.Type;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+
+@Configuration
+@Profile("dev")
+public class OpenAPIConfig {
+
+ @Value("${cgn.role.header}")
+ private String cgnRoleHeader;
+
+ @Bean
+ public OpenAPI customOpenAPI() {
+ return new OpenAPI()
+ .info(new Info()
+ .title("API Documentation")
+ .version("1.0")
+ .description("Documentazione delle API con autenticazione JWT e custom header"))
+ .addSecurityItem(new SecurityRequirement().addList("BearerAuth").addList("CustomHeader"))
+ .components(new io.swagger.v3.oas.models.Components()
+ .addSecuritySchemes("BearerAuth", new SecurityScheme()
+ .type(Type.HTTP)
+ .scheme("bearer")
+ .bearerFormat("JWT"))
+ .addSecuritySchemes("CustomHeader", new SecurityScheme()
+ .type(Type.APIKEY)
+ .name(cgnRoleHeader) // Nome del tuo header
+ .in(In.HEADER)));
+ }
+}
diff --git a/src/main/java/it/gov/pagopa/cgn/portal/security/WebSecurityConfig.java b/src/main/java/it/gov/pagopa/cgn/portal/security/WebSecurityConfig.java
index 1f9e17b3..8cb596cd 100644
--- a/src/main/java/it/gov/pagopa/cgn/portal/security/WebSecurityConfig.java
+++ b/src/main/java/it/gov/pagopa/cgn/portal/security/WebSecurityConfig.java
@@ -3,6 +3,7 @@
import it.gov.pagopa.cgn.portal.config.ConfigProperties;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -15,7 +16,9 @@
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import java.util.ArrayList;
import java.util.Collections;
+import java.util.List;
@Configuration
@@ -24,6 +27,9 @@
public class WebSecurityConfig
extends WebSecurityConfigurerAdapter {
+ @Value("${spring.profiles.active:Unknown}")
+ private String activeProfile;
+
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
@@ -64,7 +70,7 @@ protected void configure(HttpSecurity httpSecurity)
.cors()
.and()
.authorizeRequests()
- .antMatchers("/actuator/**", "/help", "/")
+ .antMatchers(getAntMatchers())
.permitAll()
.anyRequest()
.authenticated();
@@ -74,4 +80,10 @@ protected void configure(HttpSecurity httpSecurity)
httpSecurity.headers().cacheControl();
}
+
+ private String[] getAntMatchers() {
+ return ("dev".equals(activeProfile) ?
+ List.of("/actuator/**", "/help", "/","/v3/api-docs/**","/swagger-ui/**","/swagger-ui.html")
+ : List.of("/actuator/**", "/help", "/")).toArray(String[]::new);
+ }
}
diff --git a/src/main/resources/application-dev.properties b/src/main/resources/application-dev.properties
index 0b5e7f7d..1d38914b 100644
--- a/src/main/resources/application-dev.properties
+++ b/src/main/resources/application-dev.properties
@@ -1,3 +1,16 @@
+########################################
+# DON'T INSERT SENSIBLE DATA HERE, FOR LOCAL RUN/DEBUG FOLLOW THIS STEPS:
+
+# 1 Copy this file to a folder of your convenience
+# 2 On copied file, leaves only the key-value pairs of sensitive data
+# 2 Run > Edit configurations > Application > CGNOnboardingPortal
+# 3 Run > Edit configurations > Application > modify Options... > check on "Add VM Options"
+# 4 insert in this field: -Dspring.config.additional-location=file:PATH_TO/YOUR_FOLDER/application-dev.properties
+# 5 Run > Edit configurations > Application > modify Options... > check on "add dependences with provided scope to the classpath"
+# INFO on spring.config.additional-location: If a key=value is present in both, external file has precedence
+# for more info look at: https://docs.spring.io/spring-boot/docs/2.1.7.RELEASE/reference/html/boot-features-external-config.html
+########################################
+
#jpa:
spring.jpa.show-sql=true
spring.jpa.properties.hibernate.format_sql=true
@@ -16,8 +29,7 @@ spring.flyway.enabled=true
flyway.url=${spring.datasource.url}
flyway.user=${spring.datasource.username}
flyway.password=${spring.datasource.password}
-#launch job eyca every minute
-send.discounts.to.eyca.job.cron=0 * * ? * *
+
eyca.job.mailto=elisa.mastrantonio@pagopa.it;carlo.quattrocchi.esterno@pagopa.it;alessandro.forcuti@dgsspa.com
eyca.admin.mailto=carlo.quattrocchi.esterno@pagopa.it;alessandro.forcuti@dgsspa.com
eyca.export.username=secret
@@ -26,7 +38,12 @@ eyca.export.password=secret
### DEV PROPERTIES ENABLE ON NECESSITY AND REBUILD APP ##
spring.quartz.autostartup=false
eyca.export.enabled=false
+#launch job eyca every minute
+send.discounts.to.eyca.job.cron=0 * * ? * *
+
+#CHANGE THIS FLAG CAREFULLY, CAN BE DANGEROUS FOR EYCA DB !!!
eyca.api.debug=false
eyca.api.delete.debug=false
+
logging.level.org.hibernate.type.descriptor.sql.BasicBinder=trace
logging.level.org.springframework.web=trace