author | William Harrington <kb0iic@berzerkula.org> | 2025-02-14 21:36:45 -0600 |
---|---|---|
committer | William Harrington <kb0iic@berzerkula.org> | 2025-02-14 21:36:45 -0600 |
commit | ca8e68ac123e3f0ffbaf4c87dfe4cacc4eea6800 (patch) | |
tree | bf9ce54e56c45f380a08e8f725cf39515a09fea9 /src/main | |
parent | 93edf161867499bfc7f4d25c5cb21c5a89b069d0 (diff) |
Add HSTS to security filter, actuator health and info permitall, enable specific info endpoints.
Diffstat (limited to 'src/main')
-rw-r--r-- | src/main/java/org/berzerkula/builddb/config/SecurityConfig.java | 13 | ||||
-rw-r--r-- | src/main/resources/application.yml | 14 |
2 files changed, 21 insertions, 6 deletions
diff --git a/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java b/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java
index 5a971d9..da4b088 100644
--- a/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java
+++ b/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java
@@ -21,11 +21,9 @@ public class SecurityConfig {
 //.requiresChannel(channel -> channel.anyRequest().requiresSecure())
 .authorizeHttpRequests( auth -> auth
 .requestMatchers("/").permitAll()
+ .requestMatchers("/actuator/health","/actuator/info").permitAll()
 .requestMatchers("/actuator/**").hasRole(BuilddbConstants.ROLE_ADMIN)
- .requestMatchers("/env/**").hasRole(BuilddbConstants.ROLE_ADMIN)
- .requestMatchers("/health/**").hasRole(BuilddbConstants.ROLE_ADMIN)
- .requestMatchers("/info/**").hasRole(BuilddbConstants.ROLE_ADMIN)
- .requestMatchers("/contact").permitAll()
+ .requestMatchers("/contact").permitAll()
 .requestMatchers("/pkgs/**").hasRole(BuilddbConstants.ROLE_CLIENT)
 .requestMatchers("/register").permitAll()
 .requestMatchers("/login").permitAll()
@@ -39,7 +37,12 @@ public class SecurityConfig {
 .defaultSuccessUrl("/", true)
 )
 .logout(config -> config.logoutSuccessUrl("/"))
- .build();
+ .headers(headers -> headers
+ .httpStrictTransportSecurity(hsts -> hsts
+ .includeSubDomains(true)
+ .maxAgeInSeconds(40)
+ .preload(false)))
+ .build();
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 03b65d1..540bcf5 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -108,6 +108,7 @@ spring:
 mF9zaMVXgdBFCFEGK58XcFX2rhv4sIpcQAfRvbqMHfBst3Lnfu5PGw==
 -----END RSA PRIVATE KEY-----
 server:
+ port: 8443
 ssl:
 bundle: berzerkula
 client-auth: want
@@ -122,4 +123,15 @@ management:
 endpoints:
 web:
 exposure:
- include: "*"
\ No newline at end of file
+ include: "*"
+ info:
+ env:
+ enabled: true
+ build:
+ enabled: true
+ git:
+ enabled: true
+ java:
+ enabled: true
+ os:
+ enabled: true
\ No newline at end of file |
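Review bot: The new `permitAll()` on `/actuator/info` in the first SecurityConfig.java hunk makes that endpoint anonymous in the same commit whose last application.yml hunk turns on the `env`, `build`, `git`, `java` and `os` info contributors, so unauthenticated callers would be served Java and OS details, build and git metadata, and any `info.*` environment properties. If only a liveness probe needs anonymous access, narrow the rule to `.requestMatchers("/actuator/health").permitAll()` and let info fall through to the existing `/actuator/**` admin rule, or enable only the contributors that are safe to publish. The hunk also drops the `/env/**`, `/health/**` and `/info/**` matchers; whether a later catch-all rule still covers those paths is not visible, since the authorization chain starts and ends outside the hunk.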
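Review bot: `.maxAgeInSeconds(40)` in the second SecurityConfig.java hunk gives browsers an HSTS policy that lapses after 40 seconds, which leaves essentially no protection against a later downgrade to plain HTTP. Spring Security's default header configuration already sends HSTS with a one-year max-age and includeSubDomains on HTTPS responses, so this explicit block appears to weaken the default rather than add the header. If 40 is a deliberate rollout value, record that with a comment such as `// temporary short max-age while HTTPS is validated on all subdomains; raise to 31536000`; otherwise use `.maxAgeInSeconds(31536000)`. The header is only written on secure requests and the `requiresChannel` line in the first hunk is still commented out, so how plain-HTTP requests are handled should be confirmed; the enclosing method begins outside the hunk.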
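Review bot: The context lines of the first application.yml hunk show the end of a PEM `RSA PRIVATE KEY` block stored inline in `src/main/resources/application.yml`, directly above the `server.ssl` settings that this hunk extends with `port: 8443`. A key kept there lives in version control and is packaged into the build artifact, so anyone with access to either can read it. Consider referencing the key from a file or secret store outside the repository (the SSL bundle PEM properties accept a location as well as inline content) and rotating the committed key. The key block starts outside the hunk, so it cannot be told from here whether this is a throwaway development key.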