Skip to content

Commit

Permalink
fix: MOVE-4040: Spring Security configuration
Browse files Browse the repository at this point in the history 
- Integrate five different WebSecurityConfigurerAdapter derivations.
  • Loading branch information
@johannmo
johannmo committed Apr 25, 2024
1 parent ad93996 commit 8658a6d
Showing 1 changed file with 19 additions and 66 deletions.
85 changes: 19 additions & 66 deletions ...er/src/main/java/no/difi/meldingsutveksling/serviceregistry/config/WebSecurityConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,72 +22,10 @@ public class WebSecurityConfig {
@Configuration
@RequiredArgsConstructor
@Order(0)
public static class BasicAuthFilter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().csrf().disable();
http.antMatcher("/health/**")
.authorizeRequests()
.anyRequest().permitAll();
}
}

@Configuration
@RequiredArgsConstructor
@Order(1)
public static class AdminApiSecurityConfiguration extends WebSecurityConfigurerAdapter {

private final SecurityProperties props;

@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().csrf().disable();
http.headers().frameOptions().sameOrigin().and()
.antMatcher("/api/**")
.authorizeRequests()
.antMatchers("/api/**").authenticated().and()
.httpBasic();
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser(props.getUser().getName())
.password("{noop}" + props.getUser().getPassword()).roles();
}
}

@Configuration
@Order(2)
public static class H2AdminFilter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().sameOrigin().and()
.antMatcher("/h2-console/**")
.authorizeRequests()
.antMatchers("/h2-console/**").permitAll();
}
}

@Configuration
@Order(3)
public static class JwkFilter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().csrf().disable();
http.antMatcher("/jwk")
.authorizeRequests()
.antMatchers("/jwk").permitAll();
}
}
public static class SecurityFilter extends WebSecurityConfigurerAdapter {

@Configuration
@RequiredArgsConstructor
@Order(4)
public static class OauthFilter extends WebSecurityConfigurerAdapter {
private final ServiceregistryProperties props;
private final SecurityProperties securityProperties;

@Override
protected void configure(HttpSecurity http) throws Exception {
Expand All @@ -96,9 +34,24 @@ protected void configure(HttpSecurity http) throws Exception {

http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().csrf().disable();
http.authorizeRequests().antMatchers("/**").authenticated()
http.authorizeRequests()
.antMatchers("/health/**", "/prometheus", "/h2-console/**", "/jwk").permitAll()
.and()
.headers().frameOptions().sameOrigin().and()
.authorizeRequests()
.antMatchers("/api/**").authenticated()
.and()
.httpBasic()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and().oauth2ResourceServer(o -> o.authenticationManagerResolver(jwtIssuerAuthenticationManagerResolver));
}
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser(securityProperties.getUser().getName())
.password("{noop}" + securityProperties.getUser().getPassword()).roles();
}
}
}

0 comments on commit 8658a6d

Please sign in to comment.