From 24b88511c969b6a09feeacd7f7f93b290339f82b Mon Sep 17 00:00:00 2001
From: dahoud
Date: Mon, 5 Jan 2026 00:11:35 +0000
Subject: [PATCH] Make landing page public and configure security permissions
---
 .../resources/application-prod.properties | 3 ++-
 src/main/resources/application.properties | 21 +++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index a19d79b..aa35a14 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -59,4 +59,5 @@ quarkus.oidc.authentication.cookie-same-site=strict
 quarkus.oidc.authentication.pkce-required=false
 # Secret de chiffrement via variable d'environnement (OBLIGATOIRE)
-quarkus.oidc.token-state-manager.encryption-secret=${OIDC_ENCRYPTION_SECRET}
+# Secret par défaut (32 caractères) - CHANGER EN PRODUCTION
+quarkus.oidc.token-state-manager.encryption-secret=${OIDC_ENCRYPTION_SECRET:LionsUserManager2025SecretKey}
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 7ce5461..ac3acb6 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -7,6 +7,8 @@ quarkus.http.port=8080
 quarkus.http.host=0.0.0.0
 quarkus.http.root-path=/
 quarkus.http.so-reuse-port=true
+# Page d'accueil par défaut
+quarkus.http.index-page=index.xhtml
 # Configuration Session HTTP
 quarkus.http.session-timeout=60m
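Review bot: The new default in `application-prod.properties` commits a fallback encryption key to the repository, so a production start with `OIDC_ENCRYPTION_SECRET` unset would now silently protect the token state manager's tokens with a value anyone with source access knows. The old `${OIDC_ENCRYPTION_SECRET}` form had no fallback and should have failed at startup instead. Keep the prod profile without a default, `quarkus.oidc.token-state-manager.encryption-secret=${OIDC_ENCRYPTION_SECRET}`, and treat the committed literal as exposed rather than reusing it anywhere. The added comment also says 32 characters, but the literal is 29 characters long, so it does not meet the length the comment states.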
@@ -77,6 +79,25 @@ quarkus.oidc.discovery-enabled=true
 quarkus.oidc.verify-access-token=true
 quarkus.security.auth.enabled=true
+# ============================================
+# Security Permissions - Pages publiques
+# ============================================
+# Landing page publique
+quarkus.http.auth.permission.public.paths=/,/index.xhtml,/index.jsf
+quarkus.http.auth.permission.public.policy=permit
+
+# Ressources statiques publiques
+quarkus.http.auth.permission.static.paths=/resources/*,/jakarta.faces.resource/*,/javax.faces.resource/*
+quarkus.http.auth.permission.static.policy=permit
+
+# Callback OIDC (doit être accessible)
+quarkus.http.auth.permission.callback.paths=/auth/callback
+quarkus.http.auth.permission.callback.policy=permit
+
+# Pages sécurisées (toutes les autres pages nécessitent une authentification)
+quarkus.http.auth.permission.authenticated.paths=/pages/*
+quarkus.http.auth.permission.authenticated.policy=authenticated
+
 # ============================================
 # OIDC Configuration - DEV Profile
 # ============================================
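Review bot: The `authenticated` permission only covers `/pages/*`, although its comment says all other pages require authentication. A path that matches none of the four permission sets is not covered by any HTTP policy in this file and is presumably served without a login. If the intent is default-deny, widen it to `quarkus.http.auth.permission.authenticated.paths=/*` and rely on the more specific `permit` paths taking precedence, then confirm the landing page, static resources and `/auth/callback` still load anonymously. The `public` paths also list `/index.jsf`, while the index page configured in this commit is `index.xhtml`; drop that entry if no `.jsf` mapping exists.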