Diffstat (limited to 'src/main/java/org/berzerkula/builddb/config/SecurityConfig.java')
-rw-r--r-- | src/main/java/org/berzerkula/builddb/config/SecurityConfig.java | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java b/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java
index da4b088..9e1ae1d 100644
--- a/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java
+++ b/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java
@@ -18,11 +18,12 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 return http
+ .securityMatcher("/**")
 //.requiresChannel(channel -> channel.anyRequest().requiresSecure())
 .authorizeHttpRequests( auth -> auth
 .requestMatchers("/").permitAll()
 .requestMatchers("/actuator/health","/actuator/info").permitAll()
- .requestMatchers("/actuator/**").hasRole(BuilddbConstants.ROLE_ADMIN)
+ .requestMatchers("/actuator/beans", "/actuator/env", "actuator/metrics", "/actuator/shutdown").hasRole(BuilddbConstants.ROLE_ADMIN)
 .requestMatchers("/contact").permitAll()
 .requestMatchers("/pkgs/**").hasRole(BuilddbConstants.ROLE_CLIENT)
 .requestMatchers("/register").permitAll()
@@ -30,22 +31,23 @@ public class SecurityConfig {
 .requestMatchers("/logout").permitAll()
 .anyRequest().authenticated()
 )
+ .csrf(csrf -> csrf
+ .ignoringRequestMatchers("/actuator/shutdown"))
 .formLogin(form -> form
 .loginPage("/login")
 .usernameParameter("email")
 .passwordParameter("password")
 .defaultSuccessUrl("/", true)
 )
- .logout(config -> config.logoutSuccessUrl("/"))
 .headers(headers -> headers
 .httpStrictTransportSecurity(hsts -> hsts
- .includeSubDomains(true)
- .maxAgeInSeconds(40)
- .preload(false)))
+ .includeSubDomains(true)
+ .maxAgeInSeconds(40)
+ .preload(false)))
+ .logout(config -> config.logoutSuccessUrl("/"))
 .build();
 }
-
-
+
 @Bean
 public PasswordEncoder passwordEncoder() {
 return new BCryptPasswordEncoder(); |
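Review bot: Replacing `/actuator/**` with an explicit four-endpoint list on the added `.requestMatchers(...)` line removes the admin requirement from every other actuator endpoint: anything else exposed under `/actuator/` (`/actuator/heapdump`, `/actuator/loggers`, `/actuator/mappings`, `/actuator` itself, and so on) now falls through to `.anyRequest().authenticated()`, which — since `/register` is `permitAll()` — may be satisfied by any self-registered account; which endpoints are actually exposed depends on management properties not visible here. The third pattern, `"actuator/metrics"`, is missing its leading slash, so it will either never match a request path or be rejected at startup depending on the Spring Security version in use. I would keep the catch-all as a floor directly after the health/info line, `.requestMatchers("/actuator/**").hasRole(BuilddbConstants.ROLE_ADMIN)`, and correct the typo to `"/actuator/metrics"`. The body of securityFilterChain continues in the next hunk.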
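Review bot: The new `.csrf(csrf -> csrf.ignoringRequestMatchers("/actuator/shutdown"))` removes CSRF protection from the one endpoint in this chain that is both state-changing and destructive; with form login and a session cookie, a cross-site page could trigger a shutdown from a logged-in admin's browser unless the cookie's SameSite attribute blocks it, and nothing in this config sets that. If the exemption exists for a scripted client, sending the CSRF token from that client or moving actuator to a separate management port is safer than disabling the check, and a one-line comment on the `.csrf(...)` call stating why the endpoint is exempt would help the next reader. Also on the new side, the re-indented `.maxAgeInSeconds(40)` makes HSTS lapse after forty seconds while `requiresChannel` remains commented out, so neither enforces HTTPS in practice; `.maxAgeInSeconds(31536000)` is the usual value once TLS is in place. The securityFilterChain method starts in the previous hunk.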