remove playground controller + add jwt test utils

build.gradle

@@ -41,6 +41,7 @@ dependencies {
 	implementation("com.fasterxml.jackson.datatype:jackson-datatype-jsr310")
 	implementation("org.springframework.boot:spring-boot-starter-validation")
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
+	testImplementation 'org.springframework.security:spring-security-test'
 	testImplementation 'io.projectreactor:reactor-test'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }

src/test/java/it/gov/pagopa/rtp/activator/JwtTestUtils.java

@@ -0,0 +1,50 @@
+package it.gov.pagopa.rtp.activator;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.crypto.MACSigner;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+
+import java.util.Date;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
+
+public final class JwtTestUtils {
+
+    public static String generateToken(String subject, String... roles) throws JOSEException {
+        return generateToken(subject, new Date(new Date().getTime() + 60 * 60 * 1000), roles); // 1 hour
+    }
+
+    public static String generateExpiredToken(String subject, String... roles) throws JOSEException {
+        return generateToken(subject, new Date(new Date().getTime() - 60 * 60 * 1000), roles); // 1 hour ago
+    }
+
+    private static String generateToken(String subject, Date expirationTime, String... roles) throws JOSEException {
+        // Create HMAC signer
+        JWSSigner signer = new MACSigner(
+                IntStream.range(0, 256).mapToObj(Integer::toString).collect(Collectors.joining())
+        );
+
+        // Prepare JWT with claims set
+        JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+                .subject(subject)
+                .claim("groups", roles)
+                .issuer("pagopa.it")
+                .expirationTime(expirationTime) // 1 hour expiration
+                .build();
+
+        SignedJWT signedJWT = new SignedJWT(
+                new JWSHeader(JWSAlgorithm.HS256),
+                claimsSet);
+
+        // Apply the HMAC signature
+        signedJWT.sign(signer);
+
+        // Serialize to compact form
+        return signedJWT.serialize();
+    }
+
+}

src/test/java/it/gov/pagopa/rtp/activator/configuration/NoSignatureJwtDecoderTest.java

@@ -0,0 +1,21 @@
+package it.gov.pagopa.rtp.activator.configuration;
+
+import com.nimbusds.jose.JOSEException;
+import it.gov.pagopa.rtp.activator.JwtTestUtils;
+import org.hamcrest.Matchers;
+import org.junit.jupiter.api.Test;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+
+class NoSignatureJwtDecoderTest {
+
+
+    @Test
+    void givenSignedTokenMustDecodeWithoutVerifySignature() throws JOSEException {
+        final var decoder = new NoSignatureJwtDecoder();
+        final var token = JwtTestUtils.generateToken("me", "none");
+        assertThat(decoder.decode(token), Matchers.notNullValue());
+    }
+
+}
+

src/test/resources/application.properties

@@ -0,0 +1 @@
+logging.level.org.springframework.security=DEBUG