[spring-boot3]: Refacor project in order to configure redis usage in login projects. Add swagger configuration.

README.md

@@ -3,7 +3,7 @@
 Authorization library is a library that provides a Spring Security (6.x.x) process
 in order to authorize the endpoints of a service base on OpenAIRE Authorities.
 It can be used with two different session strategies, a stateless and
-a Redis http session.
+a Redis http session. Also, it includes swagger configuration.
 
 ## Stateless
 
@@ -19,15 +19,15 @@ user's session, but with a cost of an extra http request per request.
     <dependency>
         <groupId>eu.dnetlib</groupId>
         <artifactId>uoa-authorization-library</artifactId>
-        <version>3.0.0</version>
+        <version>3.0.1</version>
     </dependency>
 
 #### Spring Application/Configuration
 
-    import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;    
+    import eu.dnetlib.uoaauthorizationlibrary.authorization.SecurityConfiguration;    
 
     @PropertySources({@PropertySource("classpath:authorization.properties")})
-    @Import(AuthorizationConfiguration.class)
+    @Import(SecurityConfiguration.class)
     public class Application {
         public static void main(String[] args) {
             SpringApplication.run(Application.class, args);
@@ -54,16 +54,16 @@ where session is stored.
     <dependency>
         <groupId>eu.dnetlib</groupId>
         <artifactId>uoa-authorization-library</artifactId>
-        <version>3.0.0</version>
+        <version>3.0.1</version>
         <classifier>redis</classifier>
     </dependency>
 
 #### Spring Application/Configuration
 
-    import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;    
+    import eu.dnetlib.uoaauthorizationlibrary.authorization.SecurityConfiguration;    
 
     @PropertySources({@PropertySource("classpath:authorization.properties")})
-    @Import(AuthorizationConfiguration.class)
+    @Import(SecurityConfiguration.class)
     public class Application {
         public static void main(String[] args) {
             SpringApplication.run(Application.class, args);
@@ -78,6 +78,37 @@ where session is stored.
     authorization.security.domain=<domain-suffix> # e.g openaire.eu Default: di.uoa.gr
     authorization.security.session=<session-cookie-name> # Default openAIRESession
 
+### Custom WebSecurity
+
+In case you want to create a custom WebSecurity Configuration you have to:
+
+1. **@Import(AuthorizationConfiguration.class)** instead of SecurityConfiguration.
+2. (Optional) On your WebSecurity Configuration inject WebSecurity component and use security method 
+in order to pre-build HttpSecurity with the default security.
+
+e.g
+
+    @EnableWebSecurity
+    @EnableMethodSecurity(securedEnabled = true, proxyTargetClass = true)
+    @Configuration
+    public class WebSecurityConfig {
+    
+        private final WebSecurity webSecurity;
+    
+        @Autowired
+        public WebSecurityConfig(WebSecurity webSecurity) {
+            this.webSecurity = webSecurity;
+        }
+    
+        @Bean
+        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+            http = webSecurity.security(http);
+            // Custom Security Configuration
+            
+            return http.build();
+        }
+    }
+
 
 ## Authorize Requests
 
@@ -119,3 +150,17 @@ e.g
     + ")")
     @RequestMapping(value = "{type}/{id}", method = RequestMethod.GET)
     public Entity getEntity(@PathVariable("type") String type, @PathVariable("id") String id) {}
+
+
+## Swagger configuration
+
+This library by default includes swagger configuration, which is accessible only by PORTAL ADMIN users.
+Optional set API info properties in your project configuration file:
+
+    api.title = <Title>
+    api.description = <Description>
+    api.version = ${project.version}
+
+### Disable UI and/or API-docs
+    springdoc.swagger-ui.enabled=false
+    springdoc.api-docs.enabled=false

pom.xml

@@ -40,6 +40,12 @@
 			<groupId>redis.clients</groupId>
 			<artifactId>jedis</artifactId>
 		</dependency>
+		<!-- Swagger -->
+		<dependency>
+			<groupId>org.springdoc</groupId>
+			<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+			<version>${spring-doc-version}</version>
+		</dependency>
     </dependencies>
 	<build>
 		<plugins>
@@ -55,7 +61,7 @@
 						</goals>
 						<configuration>
 							<excludes>
-								<exclude>**/eu/dnetlib/uoaauthorizationlibrary/redis/**</exclude>
+								<exclude>**/eu/dnetlib/uoaauthorizationlibrary/authorization/redis/**</exclude>
 							</excludes>
 						</configuration>
 					</execution>
@@ -68,7 +74,7 @@
 						<configuration>
 							<classifier>redis</classifier>
 							<excludes>
-								<exclude>**/eu/dnetlib/uoaauthorizationlibrary/stateless/**</exclude>
+								<exclude>**/eu/dnetlib/uoaauthorizationlibrary/authorization/stateless/**</exclude>
 							</excludes>
 						</configuration>
 					</execution>

src/main/java/eu/dnetlib/uoaauthorizationlibrary/AuthorizationConfiguration.java

@@ -0,0 +1,14 @@
+package eu.dnetlib.uoaauthorizationlibrary;
+
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.API;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.GlobalVars;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.Properties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@EnableConfigurationProperties({Properties.class, GlobalVars.class, API.class})
+@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.authorization"})
+public class AuthorizationConfiguration {
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/SecurityConfiguration.java

@@ -0,0 +1,13 @@
+package eu.dnetlib.uoaauthorizationlibrary;
+
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.API;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.GlobalVars;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.Properties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@EnableConfigurationProperties({Properties.class, GlobalVars.class, API.class})
+@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.authorization"}, basePackageClasses = {WebSecurityConfig.class})
+public class SecurityConfiguration { }

src/main/java/eu/dnetlib/uoaauthorizationlibrary/WebSecurityConfig.java

@@ -1,12 +1,12 @@
-package eu.dnetlib.uoaauthorizationlibrary.redis.security;
+package eu.dnetlib.uoaauthorizationlibrary;
 
-import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.security.WebSecurity;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 
 @EnableWebSecurity
@@ -14,17 +14,15 @@ import org.springframework.security.web.SecurityFilterChain;
 @Configuration
 public class WebSecurityConfig {
 
-    @Bean
+    private final WebSecurity webSecurity;
-    public EntryPoint entryPoint() {
+    
-        return new EntryPoint();
+    @Autowired
+    public WebSecurityConfig(WebSecurity webSecurity) {
+        this.webSecurity = webSecurity;
     }
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf(AbstractHttpConfigurer::disable);
+        return webSecurity.security(http).build();
-        http.exceptionHandling(handler -> handler.authenticationEntryPoint(this.entryPoint()));
-        http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
-        return http.build();
     }
-
 }

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/configuration/API.java

@@ -0,0 +1,34 @@
+package eu.dnetlib.uoaauthorizationlibrary.authorization.configuration;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+@ConfigurationProperties("api")
+public class API {
+    private String title;
+    private String description;
+    private String version;
+
+    public String getTitle() {
+        return title;
+    }
+
+    public void setTitle(String title) {
+        this.title = title;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public String getVersion() {
+        return version;
+    }
+
+    public void setVersion(String version) {
+        this.version = version;
+    }
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/configuration/GlobalVars.java

@@ -1,4 +1,4 @@
-package eu.dnetlib.uoaauthorizationlibrary.configuration;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.configuration;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/configuration/Properties.java

@@ -1,9 +1,9 @@
-package eu.dnetlib.uoaauthorizationlibrary.configuration;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.configuration;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
 @ConfigurationProperties("authorization.security")
-public class SecurityConfig {
+public class Properties {
 
     private Redis redis = new Redis();
     private String userInfoUrl;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/configuration/Redis.java

@@ -1,4 +1,4 @@
-package eu.dnetlib.uoaauthorizationlibrary.configuration;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.configuration;
 
 public class Redis {
 

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/controllers/AuthorizationLibraryCheckDeployController.java

@@ -1,7 +1,7 @@
-package eu.dnetlib.uoaauthorizationlibrary.controllers;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.controllers;
 
-import eu.dnetlib.uoaauthorizationlibrary.configuration.GlobalVars;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.GlobalVars;
-import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.Properties;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -19,7 +19,7 @@ public class AuthorizationLibraryCheckDeployController {
     private final Logger log = LogManager.getLogger(this.getClass());
 
     @Autowired
-    private SecurityConfig securityConfig;
+    private Properties securityConfig;
 
     @Autowired
     private GlobalVars globalVars;
@@ -34,10 +34,12 @@ public class AuthorizationLibraryCheckDeployController {
     @RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
     public Map<String, String> checkEverything() {
         Map<String, String> response = new HashMap<>();
-        response.put("authorization.security.redis.host", securityConfig.getRedis().getHost());
+        response.put("security.redis.host", securityConfig.getRedis().getHost());
-        response.put("authorization.security.userInfoUrl", securityConfig.getUserInfoUrl());
+        response.put("security.redis.port", securityConfig.getRedis().getPort());
-        response.put("authorization.security.session", securityConfig.getSession());
+        response.put("security.redis.password", securityConfig.getRedis().getPassword());
-        response.put("authorization.security.domain", securityConfig.getDomain());
+        response.put("security.userInfoUrl", securityConfig.getUserInfoUrl());
+        response.put("security.session", securityConfig.getSession());
+        response.put("security.domain", securityConfig.getDomain());
         if(GlobalVars.date != null) {
             response.put("Date of deploy", GlobalVars.date.toString());
         }

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/redis/RedisConfig.java

@@ -1,6 +1,6 @@
-package eu.dnetlib.uoaauthorizationlibrary.redis.configuration;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.redis;
 
-import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.Properties;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -9,20 +9,23 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
 import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+import org.springframework.session.FlushMode;
+import org.springframework.session.SaveMode;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisIndexedHttpSession;
 import org.springframework.session.web.http.CookieSerializer;
 import org.springframework.session.web.http.DefaultCookieSerializer;
 
-@EnableRedisHttpSession
+@EnableRedisIndexedHttpSession(flushMode = FlushMode.IMMEDIATE, saveMode = SaveMode.ALWAYS)
 @Configuration
 public class RedisConfig {
 
-    private final SecurityConfig properties;
+    private final Properties properties;
 
     private static final Logger logger = LogManager.getLogger(RedisConfig.class);
 
     @Autowired
-    public RedisConfig(SecurityConfig properties) {
+    public RedisConfig(Properties properties) {
         this.properties = properties;
     }
 
@@ -39,6 +42,8 @@ public class RedisConfig {
     public RedisTemplate<String, Object> redisTemplate() {
         RedisTemplate<String, Object> template = new RedisTemplate<>();
         template.setConnectionFactory(connectionFactory());
+        template.setKeySerializer(new StringRedisSerializer());
+        template.setHashKeySerializer(new StringRedisSerializer());
         return template;
     }
 

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/redis/RedisWebSecurity.java

@@ -0,0 +1,30 @@
+package eu.dnetlib.uoaauthorizationlibrary.authorization.redis;
+
+import eu.dnetlib.uoaauthorizationlibrary.authorization.security.AuthorizationService;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.security.EntryPoint;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.security.WebSecurity;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RedisWebSecurity implements WebSecurity {
+
+    private final EntryPoint entryPoint;
+    private final AuthorizationService service;
+
+    @Autowired
+    public RedisWebSecurity(EntryPoint entryPoint, AuthorizationService service) {
+        this.entryPoint = entryPoint;
+        this.service = service;
+    }
+
+    public HttpSecurity security(HttpSecurity http) throws Exception {
+        http.csrf(AbstractHttpConfigurer::disable);
+        http.exceptionHandling(handler -> handler.authenticationEntryPoint(entryPoint));
+        http.authorizeHttpRequests(auth -> auth.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").hasAuthority(this.service.PORTAL_ADMIN).anyRequest().permitAll());
+        return http;
+    }
+
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/security/AuthorizationService.java

@@ -1,6 +1,5 @@
-package eu.dnetlib.uoaauthorizationlibrary.security;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.security;
 
-import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/security/CorsConfig.java

@@ -1,24 +1,20 @@
-package eu.dnetlib.uoaauthorizationlibrary.configuration;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.security;
 
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.Properties;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
-@EnableConfigurationProperties({SecurityConfig.class, GlobalVars.class})
+public class CorsConfig {
-@ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" })
-public class AuthorizationConfiguration {
-
-    private final SecurityConfig securityConfig;
 
+    private final Properties properties;
 
     @Autowired
-    public AuthorizationConfiguration(SecurityConfig securityConfig) {
+    public CorsConfig(Properties properties) {
-        this.securityConfig = securityConfig;
+        this.properties = properties;
     }
 
     @Bean
@@ -27,7 +23,7 @@ public class AuthorizationConfiguration {
             @Override
             public void addCorsMappings(CorsRegistry registry) {
                 registry.addMapping("/**")
-                        .allowedOriginPatterns("*" + securityConfig.getDomain(), "*" + securityConfig.getDomain() + ":*")
+                        .allowedOriginPatterns("*" + properties.getDomain(), "*" + properties.getDomain() + ":*")
                         .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
                         .allowCredentials(true);
             }

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/security/EntryPoint.java

@@ -1,11 +1,14 @@
-package eu.dnetlib.uoaauthorizationlibrary.security;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.security;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
 import java.io.IOException;
 
+@Component
 public class EntryPoint implements AuthenticationEntryPoint {
 
     @Override

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/security/OpenAIREAuthentication.java

@@ -1,6 +1,6 @@
-package eu.dnetlib.uoaauthorizationlibrary.security;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.security;
 
-import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.stateless.UserInfo;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 
 public class OpenAIREAuthentication extends AbstractAuthenticationToken {

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/security/SwaggerConfig.java

@@ -0,0 +1,28 @@
+package eu.dnetlib.uoaauthorizationlibrary.authorization.security;
+
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.API;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class SwaggerConfig {
+
+    private final API api;
+
+    @Autowired
+    public SwaggerConfig(API api) {
+        this.api = api;
+    }
+
+    @Bean
+    public OpenAPI customOpenAPI() {
+        return new OpenAPI()
+                .info(new Info()
+                        .title(api.getTitle())
+                        .version(api.getVersion())
+                        .description(api.getDescription()));
+    }
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/security/WebSecurity.java

@@ -0,0 +1,10 @@
+package eu.dnetlib.uoaauthorizationlibrary.authorization.security;
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.stereotype.Component;
+
+@Component
+public interface WebSecurity {
+
+    HttpSecurity security(HttpSecurity http) throws Exception;
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/stateless/AuthorizationFilter.java

@@ -1,6 +1,6 @@
-package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.stateless;
 
-import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.security.OpenAIREAuthentication;
 import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/stateless/AuthorizationProvider.java

@@ -1,8 +1,6 @@
-package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.stateless;
 
-import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.security.OpenAIREAuthentication;
-import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.AuthorizationUtils;
-import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/stateless/AuthorizationUtils.java

@@ -1,6 +1,6 @@
-package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.stateless;
 
-import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.Properties;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import org.apache.logging.log4j.LogManager;
@@ -16,15 +16,15 @@ import java.util.Collections;
 @Component
 public class AuthorizationUtils {
     private final Logger log = LogManager.getLogger(this.getClass());
-    private final SecurityConfig securityConfig;
+    private final Properties properties;
 
     @Autowired
-    AuthorizationUtils(SecurityConfig securityConfig) {
+    AuthorizationUtils(Properties properties) {
-        this.securityConfig = securityConfig;
+        this.properties = properties;
     }
 
     public UserInfo getUserInfo(HttpServletRequest request) {
-        String url = securityConfig.getUserInfoUrl();
+        String url = properties.getUserInfoUrl();
         RestTemplate restTemplate = new RestTemplate();
         try {
             if(url != null && hasCookie(request)) {
@@ -33,7 +33,7 @@ public class AuthorizationUtils {
             }
             return null;
         } catch (RestClientException e) {
-            log.error(url + ": " + e.getMessage());
+            log.error("{}: {}", url, e.getMessage());
             return null;
         }
     }
@@ -41,7 +41,7 @@ public class AuthorizationUtils {
     private boolean hasCookie(HttpServletRequest request) {
         Cookie[] cookies = request.getCookies();
         if(cookies != null) {
-            return Arrays.stream(cookies).anyMatch(cookie -> cookie.getName().equalsIgnoreCase(this.securityConfig.getSession()));
+            return Arrays.stream(cookies).anyMatch(cookie -> cookie.getName().equalsIgnoreCase(this.properties.getSession()));
         }
         return false;
     }

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/stateless/StatelessWebSecurity.java

@@ -0,0 +1,37 @@
+package eu.dnetlib.uoaauthorizationlibrary.authorization.stateless;
+
+import eu.dnetlib.uoaauthorizationlibrary.authorization.security.AuthorizationService;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.security.EntryPoint;
+import eu.dnetlib.uoaauthorizationlibrary.authorization.security.WebSecurity;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.stereotype.Component;
+
+@Component
+public class StatelessWebSecurity implements WebSecurity {
+
+    private final AuthorizationFilter filter;
+    private final EntryPoint entryPoint;
+    private final AuthorizationService service;
+
+    @Autowired
+    public StatelessWebSecurity(AuthorizationFilter filter, EntryPoint entryPoint, AuthorizationService service) {
+        this.filter = filter;
+        this.entryPoint = entryPoint;
+        this.service = service;
+    }
+
+    @Override
+    public HttpSecurity security(HttpSecurity http) throws Exception {
+        http.csrf(AbstractHttpConfigurer::disable);
+        http.addFilterBefore(filter, BasicAuthenticationFilter.class);
+        http.exceptionHandling(handler -> handler.authenticationEntryPoint(entryPoint));
+        http.authorizeHttpRequests(auth -> auth.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").hasAuthority(this.service.PORTAL_ADMIN).anyRequest().permitAll());
+        http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+        return http;
+    }
+
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/authorization/stateless/UserInfo.java

@@ -1,4 +1,4 @@
-package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
+package eu.dnetlib.uoaauthorizationlibrary.authorization.stateless;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/IgnoreSecurityConfiguration.java

@@ -1,12 +0,0 @@
-package eu.dnetlib.uoaauthorizationlibrary.configuration;
-
-import eu.dnetlib.uoaauthorizationlibrary.security.AuthorizationService;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-
-@Configuration
-@ComponentScan(
-        basePackageClasses = {AuthorizationService.class}
-)
-public class IgnoreSecurityConfiguration {
-}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java

@@ -1,42 +0,0 @@
-package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
-
-import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-
-@EnableWebSecurity
-@EnableMethodSecurity(securedEnabled = true, proxyTargetClass = true)
-@Configuration
-public class WebSecurityConfig {
-
-    private final AuthorizationFilter filter;
-
-    @Autowired
-    public WebSecurityConfig(AuthorizationFilter filter) {
-        this.filter = filter;
-    }
-
-    @Bean
-    public EntryPoint entryPoint() {
-        return new EntryPoint();
-    }
-
-    @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf(AbstractHttpConfigurer::disable);
-        http.addFilterBefore(filter, BasicAuthenticationFilter.class);
-        http.exceptionHandling(handler -> handler.authenticationEntryPoint(this.entryPoint()));
-        http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
-        http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
-        return http.build();
-    }
-
-}

src/main/resources/authorization.properties

@@ -1,4 +1,3 @@
-#dev
 spring.session.store-type=none
 authorization.security.userInfoUrl=
 authorization.security.domain=di.uoa.gr