Add configuration for not deployed profile

Added changes to disable CSRF when app is not deployed
to make fab54d7 work.

JIRA: LIGHTY-213
Signed-off-by: tobias.pobocik <tobias.pobocik@pantheon.tech>
Signed-off-by: Ivan Hrasko <ivan.hrasko@pantheon.tech>

lighty-examples/lighty-controller-springboot-netconf/src/main/java/io/lighty/core/controller/springboot/config/SecurityConfiguration.java → lighty-examples/lighty-controller-springboot-netconf/src/main/java/io/lighty/core/controller/springboot/config/SecurityConfigurationDeployed.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2021 PANTHEON.tech s.r.o. All Rights Reserved.
+ * Copyright (c) 2018 PANTHEON.tech s.r.o. All Rights Reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
@@ -12,6 +12,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -21,13 +22,14 @@
 
 @EnableWebSecurity
 @Configuration
-public class SecurityConfiguration {
+@Profile("deployed")
+public class SecurityConfigurationDeployed {
 
     private final Enforcer enforcer;
     private final UserAccessService userAccessService;
 
     @Autowired
-    public SecurityConfiguration(Enforcer enforcer, UserAccessService userAccessService) {
+    public SecurityConfigurationDeployed(Enforcer enforcer, UserAccessService userAccessService) {
         this.enforcer = enforcer;
         this.userAccessService = userAccessService;
     }

lighty-examples/lighty-controller-springboot-netconf/src/main/java/io/lighty/core/controller/springboot/config/SecurityConfigurationNotDeployed.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2023 PANTHEON.tech s.r.o. All Rights Reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at https://www.eclipse.org/legal/epl-v10.html
+ */
+package io.lighty.core.controller.springboot.config;
+
+import io.lighty.core.controller.springboot.services.UserAccessService;
+import org.casbin.jcasbin.main.Enforcer;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+@EnableWebSecurity
+@Configuration
+@Profile("!deployed") //Not(!) deployed profile
+public class SecurityConfigurationNotDeployed {
+
+    private final Enforcer enforcer;
+    private final UserAccessService userAccessService;
+
+    @Autowired
+    public SecurityConfigurationNotDeployed(Enforcer enforcer, UserAccessService userAccessService) {
+        this.enforcer = enforcer;
+        this.userAccessService = userAccessService;
+    }
+
+    @Bean
+    @Order(1)
+    protected SecurityFilterChain auth0FilterChain(HttpSecurity httpSecurity) throws Exception {
+        return httpSecurity
+                .csrf()
+                .disable()
+                .addFilterBefore(new JCasBinFilter(enforcer, userAccessService), BasicAuthenticationFilter.class)
+                .securityMatcher("/services/data/**")
+                .build();
+    }
+}