authorPaul-Christian Volkmer2026-03-07 10:48:16 +0100
committerGitHub2026-03-07 09:48:16 +0000
commitee5f9096c85f6789078597ba19f7c02e6b24d2c5 (patch)
tree616831069941510eea5ce652947837adefe86e49 /src/main/kotlin/dev/dnpm/etl
parent9eb8d74117c4c363f787fbc3e02a90e7f21a402e (diff)
feat: configuration of additional users (#254)
Diffstat (limited to 'src/main/kotlin/dev/dnpm/etl')
-rw-r--r--src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt6
-rw-r--r--src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt53
2 files changed, 30 insertions, 29 deletions
diff --git a/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt b/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt
index d2922f2..63f50a6 100644
--- a/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt
+++ b/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt
@@ -136,12 +136,18 @@ data class SecurityConfigProperties(
val enableTokens: Boolean = false,
val enableOidc: Boolean = false,
val defaultNewUserRole: Role = Role.USER,
+ val users: List<UserProperties> = listOf(),
) {
companion object {
const val NAME = "app.security"
}
}
+data class UserProperties(
+ val username: String,
+ val password: String,
+)
+
enum class PseudonymGenerator {
BUILDIN,
GPAS,
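Review bot: `UserProperties` is a `data class`, so its generated `toString()` prints `password` verbatim, and because `SecurityConfigProperties` is also a data class the value would appear wherever the whole properties object is logged or dumped. Nothing in this hunk shows such logging, so treat this as hardening: override it, e.g. `override fun toString() = "UserProperties(username=$username, password=***)"`. A short KDoc on `password` should also state the expected format (plaintext or already encoded), since the class does not say.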
diff --git a/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt b/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
index 9b48d22..60b1a9c 100644
--- a/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
+++ b/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
@@ -53,6 +53,22 @@ class AppSecurityConfiguration(private val securityConfigProperties: SecurityCon
private val logger = LoggerFactory.getLogger(AppSecurityConfiguration::class.java)
+ private fun authorizeAppRequests(http: HttpSecurity) {
+ http {
+ authorizeHttpRequests {
+ authorize("/configs/**", hasRole("ADMIN"))
+ authorize("/api/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
+ authorize("/api/mtb/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
+ authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
+ authorize("/mtb/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
+ authorize("/patient/**", hasAnyRole("ADMIN", "USER"))
+ authorize("/report/**", hasAnyRole("ADMIN", "USER"))
+ authorize("/submission/**", hasAnyRole("ADMIN", "USER"))
+ authorize(anyRequest, permitAll)
+ }
+ }
+ }
+
@Bean
fun userDetailsService(passwordEncoder: PasswordEncoder): InMemoryUserDetailsManager {
val adminUser =
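Review bot: `authorizeAppRequests` is now the only place request authorization is defined for both filter chains, and it still ends with `authorize(anyRequest, permitAll)`, so any path not listed above that line is reachable without authentication. The helper has no KDoc; it should say that the first matching rule wins and that unlisted paths are public by design, for example `/** Shared authorization rules for all filter chains; first match wins, unlisted paths fall through to permitAll. */`. If public access is only needed for the login page and static assets, consider listing those explicitly and ending with `authorize(anyRequest, authenticated)`, which would make a forgotten route fail closed.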
@@ -72,10 +88,14 @@ class AppSecurityConfiguration(private val securityConfigProperties: SecurityCon
securityConfigProperties.adminPassword
}
- val user: UserDetails =
+ val admin: UserDetails =
User.withUsername(adminUser).password(adminPassword).roles("ADMIN").build()
- return InMemoryUserDetailsManager(user)
+ val users = securityConfigProperties.users.map {
+ User.withUsername(it.username).password(it.password).roles("USER").build()
+ }.toTypedArray()
+
+ return InMemoryUserDetailsManager(admin, *users)
}
@Bean
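Review bot: `it.password` is passed to `User.password(...)` unchanged although `passwordEncoder` is a parameter of `userDetailsService`, so the configured value has to already be in the form that encoder can match. The encoder bean is not visible in this diff, so it is unclear whether operators must supply an encoded or prefixed value; if plaintext is expected, the line should read `.password(passwordEncoder.encode(it.password))`, otherwise document the required format next to `users`. Note also that `InMemoryUserDetailsManager` rejects a username that already exists, so a configured user that duplicates the admin name or another entry will abort startup with a generic message; a `require` naming the offending username before construction would be clearer. The function body starts outside this hunk.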
@@ -86,24 +106,8 @@ class AppSecurityConfiguration(private val securityConfigProperties: SecurityCon
userRoleRepository: UserRoleRepository,
sessionRegistry: SessionRegistry,
): SecurityFilterChain {
+ authorizeAppRequests(http)
http {
- authorizeHttpRequests {
- authorize("/configs/**", hasRole("ADMIN"))
- authorize("/api/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
- authorize("/api/mtb/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
- authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
- authorize("/mtb/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
- authorize("/report/**", hasAnyRole("ADMIN", "USER"))
- authorize("/submission/**", hasAnyRole("ADMIN", "USER"))
- authorize("/**/*.css", permitAll)
- authorize("/**/*.ico", permitAll)
- authorize("/**/*.jpeg", permitAll)
- authorize("/**/*.js", permitAll)
- authorize("/**/*.svg", permitAll)
- authorize("/**/*.css", permitAll)
- authorize("/login/**", permitAll)
- authorize(anyRequest, permitAll)
- }
httpBasic { realmName = "ETL-Processor" }
formLogin { loginPage = LOGIN_PATH }
oauth2Login { loginPage = LOGIN_PATH }
@@ -154,17 +158,8 @@ class AppSecurityConfiguration(private val securityConfigProperties: SecurityCon
matchIfMissing = true,
)
fun filterChain(http: HttpSecurity, passwordEncoder: PasswordEncoder): SecurityFilterChain {
+ authorizeAppRequests(http)
http {
- authorizeHttpRequests {
- authorize("/configs/**", hasRole("ADMIN"))
- authorize("/api/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN"))
- authorize("/api/mtb/**", hasAnyRole("MTBFILE", "ADMIN"))
- authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN"))
- authorize("/mtb/**", hasAnyRole("MTBFILE", "ADMIN"))
- authorize("/report/**", hasRole("ADMIN"))
- authorize("/submission/**", hasAnyRole("ADMIN"))
- authorize(anyRequest, permitAll)
- }
httpBasic { realmName = "ETL-Processor" }
formLogin { loginPage = LOGIN_PATH }
csrf { disable() }
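Review bot: Replacing this chain's own rules with `authorizeAppRequests(http)` widens access rather than only deduplicating. The removed lines limited `/api/mtbfile/**`, `/api/mtb/**`, `/mtbfile/**` and `/mtb/**` to `MTBFILE` and `ADMIN`, and `/report/**` and `/submission/**` to `ADMIN`, whereas the shared helper also admits `USER` on all of them. Since the same commit creates configured accounts with `roles("USER")`, this may be intended, but it is not stated in the commit title. Please confirm it and add a test that pins which roles can reach `/report/**` and `/submission/**` in the non-OIDC configuration. `filterChain` continues past the end of this hunk.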