Expose actuator to anonymous for health and readiness checks

Sheikah45 · Sheikah45 · commit af3a150df38f · 2026-06-14T07:11:50.000-04:00
diff --git a/src/main/java/com/faforever/api/config/FafApiProperties.java b/src/main/java/com/faforever/api/config/FafApiProperties.java
@@ -16,6 +16,7 @@ public class FafApiProperties {
    * The API version.
    */
   private String version;
+  private boolean allowAnonymous;
   private Jwt jwt = new Jwt();
   private OAuth2 oAuth2 = new OAuth2();
   private Async async = new Async();
@@ -258,11 +259,6 @@ public static class Smtp {
     private String password;
   }
 
-  @Data
-  public static class Anope {
-    private String databaseName;
-  }
-
   @Data
   public static class Rating {
     private int defaultMean;
diff --git a/src/main/java/com/faforever/api/config/security/MethodSecurityConfig.java b/src/main/java/com/faforever/api/config/security/MethodSecurityConfig.java
@@ -1,12 +1,18 @@
 package com.faforever.api.config.security;
 
 import com.faforever.api.security.method.CustomMethodSecurityExpressionHandler;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 
 @Configuration
+@ConditionalOnProperty(
+        value = "faf-api.allow-anonymous",
+        havingValue = "false",
+        matchIfMissing = true
+)
 @EnableMethodSecurity(securedEnabled = true)
 public class MethodSecurityConfig {
   @Bean
diff --git a/src/main/java/com/faforever/api/security/ElideUser.java b/src/main/java/com/faforever/api/security/ElideUser.java
@@ -24,7 +24,7 @@ public String getName() {
 
   @Override
   public boolean isInRole(String role) {
-    return fafAuthentication.hasRole(role);
+    return fafAuthentication != null && fafAuthentication.hasRole(role);
   }
 
   public Optional<Integer> getFafUserId() {
diff --git a/src/main/resources/config/application-local.yml b/src/main/resources/config/application-local.yml
@@ -1,4 +1,5 @@
 faf-api:
+  allow-anonymous: true
   jwt:
     secretKeyPath: ${JWT_PRIVATE_KEY_PATH:test-pki-private.key}
     publicKeyPath: ${JWT_PUBLIC_KEY_PATH:test-pki-public.key}
@@ -86,8 +87,8 @@ spring:
     oauth2:
       resourceserver:
         jwt:
-          jwk-set-uri: https://hydra.faforever.com/.well-known/jwks.json
-          issuer-uri: https://hydra.faforever.com/
+          jwk-set-uri: http://hydra.faforever.localhost/.well-known/jwks.json
+          issuer-uri: http://ory-hydra:4444/
 logging:
   level:
     com.faforever.api: debug

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ public String getName() {`
`24`	`24`
`25`	`25`	`@Override`
`26`	`26`	`public boolean isInRole(String role) {`
`27`		`- return fafAuthentication.hasRole(role);`
	`27`	`+ return fafAuthentication != null && fafAuthentication.hasRole(role);`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`public Optional<Integer> getFafUserId() {`