Skip to content

Commit

Permalink
fix security config
Browse files Browse the repository at this point in the history
  • Loading branch information
@MaggiWuerze
MaggiWuerze committed Dec 8, 2023
1 parent b24a8e4 commit 0f5c541
Showing 1 changed file with 12 additions and 9 deletions.
21 changes: 12 additions & 9 deletions src/main/java/de/maggiwuerze/xdccloader/config/SpringSecurityConfig.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
package de.maggiwuerze.xdccloader.config;

import java.util.Arrays;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
Expand All @@ -8,6 +10,9 @@
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
Expand All @@ -20,23 +25,19 @@ class SpringSecurityConfig implements WebMvcConfigurer {

@Bean
public SecurityFilterChain configure(HttpSecurity http) throws Exception {

// http
// .headers()
// .frameOptions().sameOrigin();

http
.authorizeHttpRequests(authorize -> authorize
.requestMatchers(PathRequest.toH2Console()).permitAll()
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.requestMatchers("/webjars/**", "/resources/**").permitAll()
)
.csrf(AbstractHttpConfigurer::disable);
.requestMatchers("/","/webjars/**", "/resources/**").permitAll()
.anyRequest().permitAll()
);
http.csrf(AbstractHttpConfigurer::disable);
http.cors(AbstractHttpConfigurer::disable);

return http.build();
}


@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {

Expand All @@ -47,7 +48,9 @@ public void addResourceHandlers(ResourceHandlerRegistry registry) {

@Override
public void addCorsMappings(CorsRegistry registry) {

registry.addMapping("/**");
registry.addMapping("/initialization**");
}

}

0 comments on commit 0f5c541

Please sign in to comment.