Commit 9240131e authored by OZGCloud's avatar OZGCloud

OZG-4939 Shortened SecurityCOnfig

parent 127ded4e
......@@ -26,7 +26,6 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
......@@ -42,10 +41,6 @@ public class SecurityConfiguration {
SecurityFilterChain filterChain(HttpSecurity http, ServerProperties serverProperties, @Value("${permit-all:[]}") String[] permitAll)
throws Exception {
// Configure a resource server with JWT decoder (the customized
// jwtAuthenticationConverter is picked by Spring Boot)
http.oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
// State-less session (state in access-token only)
http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
......@@ -59,11 +54,6 @@ public class SecurityConfiguration {
response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
}));
// If SSL enabled, disable http (https only)
if (serverProperties.getSsl() != null && serverProperties.getSsl().isEnabled()) {
http.requiresChannel(channel -> channel.anyRequest().requiresSecure());
}
// @formatter:off
http.authorizeHttpRequests(requests -> requests
.requestMatchers(HttpMethod.GET, "/api/environment").permitAll()
......@@ -71,8 +61,7 @@ public class SecurityConfiguration {
.requestMatchers("/api/**").authenticated()
.requestMatchers("/actuator").permitAll()
.requestMatchers("/actuator/**").permitAll()
.requestMatchers("/configserver/*/*").permitAll()
.requestMatchers("/configserver/*/*/*").permitAll()
.requestMatchers("/configserver/**").permitAll()
.anyRequest().denyAll());
// @formatter:on
......
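Review bot: `/configserver/**` permits far more than the two matchers it appears to replace: `/configserver/*/*` and `/configserver/*/*/*` allowed only paths of exactly two or three segments below the prefix, while `**` also opens single-segment and arbitrarily deep paths without authentication, all of which previously fell through to `anyRequest().denyAll()`. If this prefix fronts a Spring Cloud Config Server (not visible here), that would presumably include its encrypt/decrypt and plain-text resource endpoints, so confirm they are not reachable or deny them explicitly before this matcher. To shorten the configuration without widening it, one varargs call keeps the old scope: `.requestMatchers("/configserver/*/*", "/configserver/*/*/*").permitAll()`. The page has lost its +/- markers and the body of `filterChain` continues outside the hunks, so the old/new assignment is inferred from the hunk counts; the same counts suggest the `requiresSecure()` block in the previous hunk was dropped, in which case HTTPS-only access has to be enforced in front of the service.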
......@@ -10,4 +10,4 @@ spring:
oauth2:
resourceserver:
jwt:
issuer-uri: https://sso.dev.by.ozg-cloud.de//realms/by-kiel-dev
\ No newline at end of file
issuer-uri: https://sso.dev.by.ozg-cloud.de/realms/by-kiel-dev
\ No newline at end of file