From 11d9f301c042e73caa74b9fab89d09f8bcf325ab Mon Sep 17 00:00:00 2001
From: "idriss.naji" <idriss.naji@virtual-identity.com>
Date: Mon, 7 Nov 2022 14:04:38 +0100
Subject: [PATCH] fix: enable Swagger UI after CVEs fixes

---
 pom.xml                                       | 22 ++++++++-----------
 .../agencyservice/config/SecurityConfig.java  |  2 +-
 src/main/resources/application.properties     |  1 +
 3 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/pom.xml b/pom.xml
index 238b7302..4f4bf5a0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,7 +30,6 @@
     <openapi.generator.maven.version>6.2.0</openapi.generator.maven.version>
     <hibernate-search-orm.version>5.11.10.Final</hibernate-search-orm.version>
     <jackson-databind-nullable.version>0.2.3</jackson-databind-nullable.version>
-    <springfox-swagger2.version>3.0.0</springfox-swagger2.version>
     <javax.ws.rs-api.version>2.1.1</javax.ws.rs-api.version>
     <commons-lang3.version>3.11</commons-lang3.version>
     <liquibase-maven-plugin.version>4.1.1</liquibase-maven-plugin.version>
@@ -40,6 +39,8 @@
     <easy-random-core.version>5.0.0</easy-random-core.version>
     <spring-boot-autoconfigure.version>2.7.5</spring-boot-autoconfigure.version>
     <liquibase-core.version>4.9.1</liquibase-core.version>
+    <springfox-boot-starter.version>3.0.0</springfox-boot-starter.version>
+    <spring-security-core.version>5.7.5</spring-security-core.version>
   </properties>
 
   <dependencies>
@@ -69,6 +70,11 @@
       <artifactId>spring-boot-starter-validation</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-core</artifactId>
+      <version>${spring-security-core.version}</version>
+    </dependency>
     <!-- Search dependencies -->
     <dependency>
       <groupId>org.hibernate</groupId>
@@ -91,18 +97,8 @@
     <!-- SpringFox: generate YAML file from POJOs and generate documentation -->
     <dependency>
       <groupId>io.springfox</groupId>
-      <artifactId>springfox-swagger2</artifactId>
-      <version>${springfox-swagger2.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>io.springfox</groupId>
-      <artifactId>springfox-bean-validators</artifactId>
-      <version>${springfox-swagger2.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>io.springfox</groupId>
-      <artifactId>springfox-swagger-ui</artifactId>
-      <version>${springfox-swagger2.version}</version>
+      <artifactId>springfox-boot-starter</artifactId>
+      <version>${springfox-boot-starter.version}</version>
     </dependency>
 
     <!-- Keycloak dependencies -->
diff --git a/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java b/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java
index 6be574c6..b1d52c65 100644
--- a/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java
+++ b/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java
@@ -33,7 +33,7 @@ public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
 
   public static final String[] WHITE_LIST =
       new String[]{"/agencies/docs", "/agencies/docs/**", "/v2/api-docs", "/configuration/ui",
-          "/swagger-resources/**", "/configuration/security", "/swagger-ui.html", "/webjars/**"};
+          "/swagger-resources/**", "/configuration/security", "/swagger-ui.html", "/swagger-ui/**", "/webjars/**"};
 
   @SuppressWarnings("unused")
   private final KeycloakClientRequestFactory keycloakClientRequestFactory;
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 7a19c50f..36e0ba09 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -13,6 +13,7 @@ server.port=8080
 
 spring.mvc.locale=de_DE
 spring.jackson.time-zone=Europe/Berlin
+spring.mvc.pathmatch.matching-strategy=ant_path_matcher
 
 # Logging: SLF4J (via Lombok)
 logging.file.name=log/agencyservice.log