Improve security filters
parent
4bb2960716
commit
169c6e6538
|
@ -13,8 +13,8 @@
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<org.springframework.version>6.0.10</org.springframework.version>
|
<org.springframework.version>6.0.11</org.springframework.version>
|
||||||
<org.springframework.addons>6.1.1</org.springframework.addons>
|
<org.springframework.addons>6.1.2</org.springframework.addons>
|
||||||
<hibernate.version>6.2.6.Final</hibernate.version>
|
<hibernate.version>6.2.6.Final</hibernate.version>
|
||||||
<hibernate-validator.version>6.0.21.Final</hibernate-validator.version>
|
<hibernate-validator.version>6.0.21.Final</hibernate-validator.version>
|
||||||
<spring-security-taglibs.version>6.0.2</spring-security-taglibs.version>
|
<spring-security-taglibs.version>6.0.2</spring-security-taglibs.version>
|
||||||
|
@ -51,6 +51,16 @@
|
||||||
<version>${org.springframework.version}</version>
|
<version>${org.springframework.version}</version>
|
||||||
<scope>compile</scope>
|
<scope>compile</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework</groupId>
|
||||||
|
<artifactId>spring-messaging</artifactId>
|
||||||
|
<version>${org.springframework.version}</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework</groupId>
|
||||||
|
<artifactId>spring-websocket</artifactId>
|
||||||
|
<version>${org.springframework.version}</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.postgresql</groupId>
|
<groupId>org.postgresql</groupId>
|
||||||
<artifactId>postgresql</artifactId>
|
<artifactId>postgresql</artifactId>
|
||||||
|
|
|
@ -44,13 +44,12 @@ public class SecurityConfig {
|
||||||
matchers.requestMatchers(serviceMapper.pattern(("/**"))))
|
matchers.requestMatchers(serviceMapper.pattern(("/**"))))
|
||||||
.authorizeHttpRequests(auth ->
|
.authorizeHttpRequests(auth ->
|
||||||
auth
|
auth
|
||||||
.requestMatchers("/users/").permitAll()
|
.requestMatchers(serviceMapper.pattern("/users/")).permitAll()
|
||||||
.requestMatchers("/users/resetPassword").permitAll()
|
.requestMatchers(serviceMapper.pattern("/users/resetPassword")).permitAll()
|
||||||
.requestMatchers("/oauth2/googlecallback").permitAll()
|
.requestMatchers(serviceMapper.pattern("/oauth2/googlecallback")).permitAll()
|
||||||
.requestMatchers("/oauth2/confirmaccountsync").permitAll()
|
.requestMatchers(serviceMapper.pattern("/oauth2/confirmaccountsync")).permitAll()
|
||||||
.requestMatchers("/admin/**").hasAnyRole("ADMIN")
|
.requestMatchers(serviceMapper.pattern("/admin/**")).hasAnyRole("ADMIN")
|
||||||
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
|
.requestMatchers(serviceMapper.pattern("/**")).hasAnyRole("USER", "ADMIN")
|
||||||
|
|
||||||
)
|
)
|
||||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||||
.httpBasic(httpBasic -> {
|
.httpBasic(httpBasic -> {
|
||||||
|
@ -76,12 +75,21 @@ public class SecurityConfig {
|
||||||
.authorizeHttpRequests(
|
.authorizeHttpRequests(
|
||||||
(auth) ->
|
(auth) ->
|
||||||
auth
|
auth
|
||||||
.requestMatchers("/login", "logout").permitAll()
|
.requestMatchers(mvcMatcher.pattern("/login")).permitAll()
|
||||||
.requestMatchers("/registration", "registration-success", "/registration-google").permitAll()
|
.requestMatchers(mvcMatcher.pattern("/logout")).permitAll()
|
||||||
.requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
|
|
||||||
.requestMatchers("/maps/*/embed", "/maps/*/try", "/maps/*/public").permitAll()
|
.requestMatchers(mvcMatcher.pattern("/registration")).permitAll()
|
||||||
.requestMatchers("/maps/*/document/xml-pub").permitAll()
|
.requestMatchers(mvcMatcher.pattern("/registration-success")).permitAll()
|
||||||
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
|
.requestMatchers(mvcMatcher.pattern("/registration-google")).permitAll()
|
||||||
|
|
||||||
|
.requestMatchers(mvcMatcher.pattern("/forgot-password")).permitAll()
|
||||||
|
.requestMatchers(mvcMatcher.pattern("/forgot-password-success")).permitAll()
|
||||||
|
.requestMatchers(mvcMatcher.pattern("/maps/*/embed")).permitAll()
|
||||||
|
.requestMatchers(mvcMatcher.pattern("/maps/*/try")).permitAll()
|
||||||
|
.requestMatchers(mvcMatcher.pattern("/maps/*/public")).permitAll()
|
||||||
|
.requestMatchers(restfullMapper.pattern("/maps/*/document/xml-pub")).permitAll()
|
||||||
|
.requestMatchers(mvcMatcher.pattern("/**")).hasAnyRole("USER", "ADMIN")
|
||||||
|
.requestMatchers(restfullMapper.pattern("/**")).hasAnyRole("USER", "ADMIN")
|
||||||
.anyRequest().authenticated())
|
.anyRequest().authenticated())
|
||||||
.formLogin((loginForm) ->
|
.formLogin((loginForm) ->
|
||||||
loginForm.loginPage("/c/login")
|
loginForm.loginPage("/c/login")
|
||||||
|
@ -102,7 +110,7 @@ public class SecurityConfig {
|
||||||
).authenticationSuccessHandler(authenticationSuccessHandler)
|
).authenticationSuccessHandler(authenticationSuccessHandler)
|
||||||
)
|
)
|
||||||
.csrf((csrf) ->
|
.csrf((csrf) ->
|
||||||
csrf.ignoringRequestMatchers("/logout"));
|
csrf.ignoringRequestMatchers(mvcMatcher.pattern("/logout")));
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
@ -110,9 +118,15 @@ public class SecurityConfig {
|
||||||
@Bean
|
@Bean
|
||||||
@Order(3)
|
@Order(3)
|
||||||
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
||||||
|
final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector);
|
||||||
|
|
||||||
return http.authorizeHttpRequests(
|
return http.authorizeHttpRequests(
|
||||||
(auth) ->
|
(auth) ->
|
||||||
auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/*").permitAll()
|
auth.requestMatchers(restfullMapper.pattern("/static/**")).permitAll().
|
||||||
|
requestMatchers(restfullMapper.pattern("/css/**")).permitAll().
|
||||||
|
requestMatchers(restfullMapper.pattern("/js/**")).permitAll().
|
||||||
|
requestMatchers(restfullMapper.pattern("/images/**")).permitAll().
|
||||||
|
requestMatchers(restfullMapper.pattern("/*")).permitAll()
|
||||||
).build();
|
).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
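Review bot: The rewritten csrf rule in the @ -102,7 +110,7 hunk still exempts `/logout` from CSRF protection (`csrf.ignoringRequestMatchers(mvcMatcher.pattern("/logout"))`), so a request originating from another site can still end a user's session; the commit only replaces the string pattern with an MvcRequestMatcher and does not revisit the exemption itself. With CSRF enabled Spring Security's logout handling accepts only POST by default, so the exemption presumably exists to make plain GET logout links work. If that is still required, say so where the rule is declared, e.g. `// CSRF intentionally skipped for /logout so GET logout links work; accepts a cross-site forced logout — confirm still needed`; otherwise drop the `ignoringRequestMatchers` call and submit logout as a CSRF-protected POST. The enclosing filter-chain method starts and ends outside this hunk.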