cameleer/cameleer-server
1
0
Fork 0
Code Issues 43 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(04-01): implement security service foundation

Browse Source 
- JwtServiceImpl: HMAC-SHA256 via Nimbus JOSE+JWT with ephemeral 256-bit secret
- Ed25519SigningServiceImpl: JDK 17 KeyPairGenerator with ephemeral keypair
- BootstrapTokenValidator: constant-time comparison with dual-token rotation
- SecurityBeanConfig: bean wiring with fail-fast validation for CAMELEER_AUTH_TOKEN
- SecurityProperties: config binding for token expiry and bootstrap tokens
- TestSecurityConfig: permit-all filter chain to keep existing tests green
- application.yml: security config with env var mapping
- All 18 security unit tests pass, all 71 tests pass in full verify

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-03-11 20:08:30 +01:00
parent 51a02700dd
commit ac9e8ae4dd
7 changed files with 231 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
cameleer3-server-app/src/test/java/com/cameleer3/server/app/security/TestSecurityConfig.java Normal file
View File

@@ -0,0 +1,28 @@
package com.cameleer3.server.app.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
/**
* Temporary test security configuration that permits all requests.
* <p>
* Adding {@code spring-boot-starter-security} enables security by default (all endpoints
* return 401). This configuration overrides that behavior in tests until the real
* security filter chain is configured in Plan 02.
* <p>
* Uses {@code @Order(-1)} to take precedence over any auto-configured security filter chain.
*/
@Configuration
public class TestSecurityConfig {
@Bean
public SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable())
.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
return http.build();
}
}

4
cameleer3-server-app/src/test/resources/application-test.yml
View File

@@ -12,3 +12,7 @@ ingestion:
agent-registry:
ping-interval-ms: 1000
security:
bootstrap-token: test-bootstrap-token
bootstrap-token-previous: old-bootstrap-token