diff --git a/.gitignore b/.gitignore
index cd72f48..b98fac5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,4 +23,7 @@
hs_err_pid*
replay_pid*
-target
\ No newline at end of file
+target
+
+data/
+volume-data/
\ No newline at end of file
diff --git a/.idea/uiDesigner.xml b/.idea/uiDesigner.xml
new file mode 100644
index 0000000..2b63946
--- /dev/null
+++ b/.idea/uiDesigner.xml
@@ -0,0 +1,124 @@
+
+
+
+
+ -
+
+
+ -
+
+
+ -
+
+
+ -
+
+
+ -
+
+
+
+
+
+ -
+
+
+
+
+
+ -
+
+
+
+
+
+ -
+
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+ -
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+
+
+ -
+
+
+ -
+
+
+ -
+
+
+ -
+
+
+ -
+
+
+
+
+ -
+
+
+ -
+
+
+
+
+
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ac02cd3
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,53 @@
+services:
+ poll-service:
+ image: ghcr.io/sympoll/poll-service/sympoll-poll-service:latest
+ container_name: poll-service-dc
+ ports:
+ - "8082:8082"
+ networks:
+ - sympoll-network
+
+ api-gateway:
+ image: ghcr.io/sympoll/api-gateway-service/sympoll-api-gateway-service-test:latest
+ ports:
+ - "8081:8081"
+ networks:
+ - sympoll-network
+
+ keycloak-mysql:
+ container_name: keycloak-mysql
+ image: mysql:8
+ environment:
+ MYSQL_ROOT_PASSWORD: root
+ MYSQL_DATABASE: keycloak
+ MYSQL_USER: keycloak
+ MYSQL_PASSWORD: password
+ volumes:
+ - ./volume-data/mysql_keycloak_data:/var/lib/mysql
+ networks:
+ - sympoll-network
+
+ keycloak:
+ container_name: keycloak
+ image: quay.io/keycloak/keycloak:24.0.1
+ command: [ "start-dev", "--import-realm" ]
+ environment:
+ DB_VENDOR: MYSQL
+ DB_ADDR: mysql
+ DB_DATABASE: keycloak
+ DB_USER: keycloak
+ DB_PASSWORD: password
+ KEYCLOAK_ADMIN: admin
+ KEYCLOAK_ADMIN_PASSWORD: admin
+ ports:
+ - "8181:8080"
+ volumes:
+ - ./docker/keycloak/realms/:/opt/keycloak/data/import/
+ depends_on:
+ - keycloak-mysql
+ networks:
+ - sympoll-network
+
+networks:
+ sympoll-network:
+ driver: bridge
\ No newline at end of file
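Review bot: The `keycloak` service's `DB_VENDOR`/`DB_ADDR`/`DB_DATABASE`/`DB_USER`/`DB_PASSWORD` variables are the legacy (WildFly-era) names, and `DB_ADDR: mysql` does not match the `keycloak-mysql` service name. The Quarkus-based 24.0.1 image therefore most likely ignores them, so `start-dev` falls back to its embedded dev database and the MySQL container goes unused. The same file commits `root`, `password` and `admin`/`admin` as literal credentials while publishing the admin console on host port 8181. These should come from an untracked `.env` file through required-variable interpolation, so the stack refuses to start without them. Pinning the two `:latest` images to a tag or digest would also make the deployment reproducible.

```yaml
  keycloak:
    # … unchanged: container_name, image, command …
    environment:
      KC_DB: mysql
      KC_DB_URL_HOST: keycloak-mysql
      KC_DB_URL_DATABASE: keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:?set in .env}
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:?set in .env}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:?set in .env}
    # … unchanged: ports, volumes, depends_on, networks …
    # keycloak-mysql: MYSQL_ROOT_PASSWORD / MYSQL_PASSWORD take the same ${…:?…} form
```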
diff --git a/docker/init.sql b/docker/init.sql
new file mode 100644
index 0000000..2c3d88e
--- /dev/null
+++ b/docker/init.sql
@@ -0,0 +1,8 @@
+-- User Management Service Schema
+CREATE TABLE users
+(
+ user_id UUID PRIMARY KEY,
+ username VARCHAR(255) UNIQUE NOT NULL,
+ email VARCHAR(255),
+ created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
\ No newline at end of file
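Review bot: `user_id UUID PRIMARY KEY` uses a column type that MySQL 8 does not have, and the only database this commit defines in docker-compose.yml is `mysql:8`. No service in the visible compose file mounts `docker/init.sql` either, so as committed the script appears to be unused. If it targets a PostgreSQL instance owned by the user service, a header comment saying so (e.g. `-- PostgreSQL; loaded by <service> at first start`) would stop it being pointed at the Keycloak database. `email` is also nullable and non-unique while `username` is `UNIQUE NOT NULL`; confirm that is intended.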
diff --git a/pom.xml b/pom.xml
index e6fee4e..59f6d35 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,6 +47,11 @@
test
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-resource-server
+
+
io.projectreactor
reactor-core
diff --git a/src/main/java/com/MTAPizza/Sympoll/api_gateway_service/config/SecurityConfigDisabled.java b/src/main/java/com/MTAPizza/Sympoll/api_gateway_service/config/SecurityConfigDisabled.java
new file mode 100644
index 0000000..266e60d
--- /dev/null
+++ b/src/main/java/com/MTAPizza/Sympoll/api_gateway_service/config/SecurityConfigDisabled.java
@@ -0,0 +1,26 @@
+package com.MTAPizza.Sympoll.api_gateway_service.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+
+@Configuration
+@EnableWebSecurity
+@Profile("auth-disabled")
+public class SecurityConfigDisabled {
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http
+ .csrf(AbstractHttpConfigurer::disable) // New method to disable CSRF
+ .authorizeRequests(auth -> auth
+ .anyRequest().permitAll()); // Allow all requests without authentication
+
+ return http.build();
+ }
+}
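Review bot: This chain turns off CSRF protection and permits every request, and the only thing guarding it is the profile name, so a deployment that sets `ENABLE_AUTH=auth-disabled` exposes all routed services with no trace in the logs. Add a class-level Javadoc saying the configuration is for local development only, and log a WARN when the bean is created so the state is visible at startup. The inline comment `// New method to disable CSRF` describes the API rather than why CSRF is off; state the reason instead. `.authorizeRequests(...)` is the deprecated form; use `.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())` to match SecurityConfigEnabled.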
diff --git a/src/main/java/com/MTAPizza/Sympoll/api_gateway_service/config/SecurityConfigEnabled.java b/src/main/java/com/MTAPizza/Sympoll/api_gateway_service/config/SecurityConfigEnabled.java
new file mode 100644
index 0000000..4e2b617
--- /dev/null
+++ b/src/main/java/com/MTAPizza/Sympoll/api_gateway_service/config/SecurityConfigEnabled.java
@@ -0,0 +1,23 @@
+package com.MTAPizza.Sympoll.api_gateway_service.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+@Profile("auth-enabled")
+public class SecurityConfigEnabled {
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
+ return httpSecurity.authorizeHttpRequests(authorize -> authorize
+ .anyRequest().authenticated())
+ .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
+ .build();
+ }
+}
+
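Review bot: `oauth2.jwt(Customizer.withDefaults())` validates signature, issuer and timestamps but not the `aud` claim, so a token the realm issued for any other client would be accepted by the gateway. Restrict it with an audience check, either through the `spring.security.oauth2.resourceserver.jwt.audiences` property (if the Spring Boot version in use supports it) or through a `JwtDecoder` bean with an added claim validator. `anyRequest().authenticated()` also covers health or actuator endpoints, if any are exposed; confirm that is intended. A short Javadoc on the class stating which profile activates it and where the issuer is configured would help the next reader.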
diff --git a/src/main/resources/application-auth-disabled.properties b/src/main/resources/application-auth-disabled.properties
new file mode 100644
index 0000000..e69de29
diff --git a/src/main/resources/application-auth-enabled.properties b/src/main/resources/application-auth-enabled.properties
new file mode 100644
index 0000000..a3946bb
--- /dev/null
+++ b/src/main/resources/application-auth-enabled.properties
@@ -0,0 +1,7 @@
+spring.security.oauth2.resourceserver.jwt.issuer-uri=http://auth.localhost/realms/sympoll-realm
+# Use the reverse proxy to resolve and retrieve JWKs internally
+spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://auth-reverse-proxy/realms/sympoll-realm/protocol/openid-connect/certs
+# Enable detailed logging for OAuth2 resource server and JWT validation
+logging.level.org.springframework.security.oauth2=DEBUG
+logging.level.org.springframework.security.oauth2.server.resource=DEBUG
+logging.level.com.nimbusds=DEBUG
\ No newline at end of file
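Review bot: Both `issuer-uri` and `jwk-set-uri` are plain `http://`, so the signing keys the gateway trusts are fetched over an unauthenticated channel, and whatever answers for `auth-reverse-proxy` on that network decides which keys are trusted. Use `https://`, or document that this hop is confined to a trusted internal network, and take the values from the environment, e.g. `spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${JWK_SET_URI}`. The three `DEBUG` loggers here sit in the profile that is active by default, and the two added in the second hunk of application.properties apply to every profile. They are likely to write token-processing and request detail to the logs, so they belong in a development-only profile.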
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 226a0dc..93f2094 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,5 +1,6 @@
server.port=8081
spring.application.name=api-gateway-service
+spring.profiles.active=${ENABLE_AUTH:auth-enabled}
# Cluster path to the Services:
poll.route.uri=http://poll-service:8082
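Review bot: `ENABLE_AUTH` reads like a boolean but is used verbatim as the profile name, so a value such as `true` or a typo activates neither `auth-enabled` nor `auth-disabled`, and neither SecurityFilterChain bean is registered. What then protects the routes depends on Spring Boot's defaults rather than on this project's configuration. Either use the standard `SPRING_PROFILES_ACTIVE` variable or add a comment listing the accepted values, e.g. `# ENABLE_AUTH must be auth-enabled (default) or auth-disabled (local development only)`.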
@@ -7,3 +8,6 @@ user.route.uri=http://user-service:8083
vote.route.uri=http://vote-service:8084
group.route.uri=http://group-service:8085
media.route.uri=http://media-service:8086
+
+logging.level.org.springframework.web=DEBUG
+logging.level.org.springframework.security=DEBUG