From 4f6c6e42fb2b22599730c38a65460e8295da5a13 Mon Sep 17 00:00:00 2001 From: Matithieu Date: Sat, 20 Dec 2025 15:35:20 +0100 Subject: [PATCH] fix: docker image for java + fix access to swagger --- Dockerfile | 32 +++++++------------ README.md | 10 ++++++ gradle.properties | 2 ++ .../spring/security/SecurityConfig.java | 3 +- 4 files changed, 26 insertions(+), 21 deletions(-) create mode 100644 README.md create mode 100644 gradle.properties diff --git a/Dockerfile b/Dockerfile index b35b2d4..b546ba8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,32 +1,24 @@ # Build Stage FROM gradle:8.13-jdk21 AS build - -# Set the working directory inside the container WORKDIR /home/gradle/src - -# Copy only the necessary files to the container to minimize cache invalidation -COPY . /home/gradle/src - -# Build the project without the Gradle daemon to avoid cache issues +COPY . . RUN gradle clean build --no-daemon -# Final Stage: Create a minimal Docker image with just the JAR file -FROM openjdk:21-jdk-slim - -# Install curl for debugging purposes -RUN apt update && apt install -y curl - -# Set the working directory inside the container +# Runtime Stage (JRE only) +FROM eclipse-temurin:21-jre WORKDIR /app +RUN apt-get update \ + && apt-get install -y --no-install-recommends curl \ + && rm -rf /var/lib/apt/lists/* + # Copy the built jar from the build stage -COPY --from=build /home/gradle/src/build/libs/*.jar app.jar +COPY --from=build /home/gradle/src/build/libs/*.jar /app/app.jar -# Expose the application's port EXPOSE 8083 -# Set JVM options to handle memory issues -ENV JAVA_OPTS="-Xms2g -Xmx4g" +# JVM options (optional) +ENV JAVA_OPTS="-XX:MaxRAMPercentage=75" -# Command to run the application -CMD ["java", "-jar", "app.jar"] +# Use a shell form to expand JAVA_OPTS +CMD ["sh", "-c", "java $JAVA_OPTS -jar /app/app.jar"] diff --git a/README.md b/README.md new file mode 100644 index 0000000..c1377e5 --- /dev/null +++ b/README.md @@ -0,0 +1,10 @@ +# Local API Usage + +To use the API locally, you must pass the following token using the ModHeader browser extension. Otherwise, the API will not work. + +**Header:** `X-Auth-Request-Access-Token` + +**Token:** `eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1MTlCYW5HbVlqV1hFZHhHTmRIdlVFSTRKbTFlU29YOFRzU3RSSWFjVEprIn0.eyJleHAiOjE3NjYyNDExODgsImlhdCI6MTc2NjI0MDg4OCwiYXV0aF90aW1lIjoxNzY2MjQwODg4LCJqdGkiOiIyMmE5M2M5Yy04MTU4LTQ1MDgtYjBiZC1jYjlkMzVjNDI3YTMiLCJpc3MiOiJodHRwczovL2xvY2FsaG9zdC9hdXRoL3JlYWxtcy9pbmZvQ29tcGFuaWVzIiwiYXVkIjpbInNwcmluZy1hcGktaW5mb2NvbXBhbmllcyIsInJlYWxtLW1hbmFnZW1lbnQiLCJhY2NvdW50Il0sInN1YiI6ImViYjU5MGViLTA5N2UtNDEyYS04MTg3LWU1YTU0NTZlYTg3NSIsInR5cCI6IkJlYXJlciIsImF6cCI6InNwcmluZy1hcGktaW5mb2NvbXBhbmllcyIsInNpZCI6IjY1MzNkZWUzLWVmY2YtNDc3My1hNzgwLTExZTM1NDMwNzE3NiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cHM6Ly9sb2NhbGhvc3QvKiIsImh0dHA6Ly9sb2NhbGhvc3Q6NTE3My8qIiwiaHR0cDovL2xvY2FsaG9zdC8qIiwiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzLyoiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIiwidmVyaWZpZWQiLCJhZG1pbiIsInVtYV9hdXRob3JpemF0aW9uIiwiZGVmYXVsdC1yb2xlcy1pbmZvY29tcGFuaWVzIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwidmlldy1pZGVudGl0eS1wcm92aWRlcnMiLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwiaW1wZXJzb25hdGlvbiIsInJlYWxtLWFkbWluIiwiY3JlYXRlLWNsaWVudCIsIm1hbmFnZS11c2VycyIsInF1ZXJ5LXJlYWxtcyIsInZpZXctYXV0aG9yaXphdGlvbiIsInF1ZXJ5LWNsaWVudHMiLCJxdWVyeS11c2VycyIsIm1hbmFnZS1ldmVudHMiLCJtYW5hZ2UtcmVhbG0iLCJ2aWV3LWV2ZW50cyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtYXV0aG9yaXphdGlvbiIsIm1hbmFnZS1jbGllbnRzIiwicXVlcnktZ3JvdXBzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBwaG9uZSBhZGRyZXNzIGVtYWlsIHByb2ZpbGUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYWRkcmVzcyI6e30sInJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIiwidmVyaWZpZWQiLCJhZG1pbiIsInVtYV9hdXRob3JpemF0aW9uIiwiZGVmYXVsdC1yb2xlcy1pbmZvY29tcGFuaWVzIl0sIm5hbWUiOiJSb290dXMgQWRtaW51cyIsInByZWZlcnJlZF91c2VybmFtZSI6ImxvY2FsLWFkbWluQG1haWwuY29tIiwiZ2l2ZW5fbmFtZSI6IlJvb3R1cyIsImZhbWlseV9uYW1lIjoiQWRtaW51cyIsImVtYWlsIjoibG9jYWwtYWRtaW5AbWFpbC5jb20ifQ.N9HMe6DeZFz5-mX2a7LEsYFTRmMKefTzD37ZM2YKVKvrOLY_KNq7bxCl-KHE0b0QKLiORCIITr8StqmKF6vRSVT2DsooOjgdzYGvAnpu_65yQvV1_hAcmhKiA8i5nBrVe_ZZMf6p7pNx8wC6WMXylSYvIoK0hCK1TZLtI5cqFuQohbiSv_bLaO_7vhEcJ0mqRLeX3bIjrROLVJxyvWSDa_W6rO_qwEuYiDBGvDW04uO6gZzIoTU6YrPxiX20d74fIc5AjgliuAnNWYYcguTJjhh8hCougrQZGaC_9qkxyWLgakWJATo3DilbuYPoNy0ylFwJZZvr1la5m1S2Kwr5HA` + +1. Install the [ModHeader](https://modheader.com/) extension in your browser. +2. Add a new header with the required token when making requests to the API. diff --git a/gradle.properties b/gradle.properties new file mode 100644 index 0000000..aec0a55 --- /dev/null +++ b/gradle.properties @@ -0,0 +1,2 @@ +org.gradle.caching=true +org.gradle.parallel=true diff --git a/src/main/java/com/example/spring/security/SecurityConfig.java b/src/main/java/com/example/spring/security/SecurityConfig.java index b46f313..95623ab 100644 --- a/src/main/java/com/example/spring/security/SecurityConfig.java +++ b/src/main/java/com/example/spring/security/SecurityConfig.java @@ -45,8 +45,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { // Swagger + OpenAPI - only in dev // To access Swagger UI and OpenAPI documentation on Docker + // Swagger UI: http://localhost:8080/swagger-ui/index.html // Fill the search bar at the top with: https://localhost/api/v3/api-docs - authorize.requestMatchers("/swagger-ui/**", "/api/v3/api-docs").hasRole("admin"); + authorize.requestMatchers("/swagger-ui/index.html", "/v3/api-docs").hasRole("admin"); // permitAll() is used here because the OAuth proxy handles the authentication // and the user is already authenticated before reaching this point.