From ca8e68ac123e3f0ffbaf4c87dfe4cacc4eea6800 Mon Sep 17 00:00:00 2001 From: William Harrington Date: Fri, 14 Feb 2025 21:36:45 -0600 Subject: Add HSTS to security filter, actuator health and info permitall, enable specific info endpoints. --- .../java/org/berzerkula/builddb/config/SecurityConfig.java | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'src/main/java/org') diff --git a/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java b/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java index 5a971d9..da4b088 100644 --- a/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java +++ b/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java @@ -21,11 +21,9 @@ public class SecurityConfig { //.requiresChannel(channel -> channel.anyRequest().requiresSecure()) .authorizeHttpRequests( auth -> auth .requestMatchers("/").permitAll() + .requestMatchers("/actuator/health","/actuator/info").permitAll() .requestMatchers("/actuator/**").hasRole(BuilddbConstants.ROLE_ADMIN) - .requestMatchers("/env/**").hasRole(BuilddbConstants.ROLE_ADMIN) - .requestMatchers("/health/**").hasRole(BuilddbConstants.ROLE_ADMIN) - .requestMatchers("/info/**").hasRole(BuilddbConstants.ROLE_ADMIN) - .requestMatchers("/contact").permitAll() + .requestMatchers("/contact").permitAll() .requestMatchers("/pkgs/**").hasRole(BuilddbConstants.ROLE_CLIENT) .requestMatchers("/register").permitAll() .requestMatchers("/login").permitAll() @@ -39,7 +37,12 @@ public class SecurityConfig { .defaultSuccessUrl("/", true) ) .logout(config -> config.logoutSuccessUrl("/")) - .build(); + .headers(headers -> headers + .httpStrictTransportSecurity(hsts -> hsts + .includeSubDomains(true) + .maxAgeInSeconds(40) + .preload(false))) + .build(); } -- cgit v1.2.3-54-g00ecf