OZG-4939 Shortened SecurityCOnfig

9240131e · OZGCloud · 127ded4e · 9240131e · 9240131e
Commit 9240131e authored 1 year ago by OZGCloud
--- a/src/main/java/de/ozgcloud/admin/security/SecurityConfiguration.java
+++ b/src/main/java/de/ozgcloud/admin/security/SecurityConfiguration.java
@@ -26,7 +26,6 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -42,10 +41,6 @@ public class SecurityConfiguration {
 	SecurityFilterChain filterChain(HttpSecurity http, ServerProperties serverProperties, @Value("${permit-all:[]}") String[] permitAll)
 			throws Exception {

-		// Configure a resource server with JWT decoder (the customized
-		// jwtAuthenticationConverter is picked by Spring Boot)
-		http.oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
-
 		// State-less session (state in access-token only)
 		http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

@@ -59,11 +54,6 @@ public class SecurityConfiguration {
 			response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
 		}));

-		// If SSL enabled, disable http (https only)
-		if (serverProperties.getSsl() != null && serverProperties.getSsl().isEnabled()) {
-			http.requiresChannel(channel -> channel.anyRequest().requiresSecure());
-		}
-
 		// @formatter:off
 		http.authorizeHttpRequests(requests -> requests
 				.requestMatchers(HttpMethod.GET, "/api/environment").permitAll()
@@ -71,8 +61,7 @@ public class SecurityConfiguration {
 				.requestMatchers("/api/**").authenticated()
 				.requestMatchers("/actuator").permitAll()
 				.requestMatchers("/actuator/**").permitAll()
-				.requestMatchers("/configserver/*/*").permitAll()
-				.requestMatchers("/configserver/*/*/*").permitAll()
+				.requestMatchers("/configserver/**").permitAll()
 				.anyRequest().denyAll());
 		// @formatter:on


--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -10,4 +10,4 @@ spring:
    oauth2:
      resourceserver:
        jwt:
-          issuer-uri: https://sso.dev.by.ozg-cloud.de//realms/by-kiel-dev
\ No newline at end of file
+          issuer-uri: https://sso.dev.by.ozg-cloud.de/realms/by-kiel-dev
\ No newline at end of file