From d7d05132c800500ceab351345925dec388682503 Mon Sep 17 00:00:00 2001
From: Anton Romanov
Date: Tue, 28 Jan 2025 12:31:54 +0400
Subject: [PATCH] Fix spring security config

---
 .../ulstu/configuration/SecurityConfiguration.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
index 74dd2d1..97d2cc7 100644
--- a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
+++ b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
@@ -17,18 +17,24 @@ import ru.ulstu.model.UserRoleConstants;
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 public class SecurityConfiguration {
 private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
+ private final String[] permittedUrls = new String[]{
+ "/login", "/index", "/news/**",
+ "/meetings/**", "/files/**", "/docs/**",
+ "/public/**", "/organizers", "/webjars/**",
+ "/h2-console/*", "/h2-console",
+ "/css/**", "/js/**", "/img/**",
+ "/templates/**", "/webjars/**"};

 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 log.debug("Security enabled");
+
 http
 .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
 .csrf(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests(auth ->
 auth.requestMatchers("/").permitAll()
- .requestMatchers("/login", "/index", "/news/**", "/meetings/**", "/files/**", "/docs/**",
- "/public/**", "/organizers", "/webjars/**", "/h2-console/*", "/h2-console",
- "/css/**", "/js/**", "/img/**", "/templates/**", "/webjars/**").permitAll()
+ .requestMatchers(permittedUrls).permitAll()
 .requestMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
 .anyRequest().authenticated())
 .formLogin(form ->
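Review bot: The new `permittedUrls` array still lists `/h2-console` and `/h2-console/*` under `permitAll()`, so the H2 database console is reachable without authentication wherever it is enabled, and the same filter chain turns off CSRF protection and frame options for the whole application. Whether the console is enabled outside development is not visible from this hunk; if it is dev-only, drop both entries and guard it like the Swagger page with `.requestMatchers("/h2-console/**").hasAuthority(UserRoleConstants.ADMIN)`, and prefer `HeadersConfigurer.FrameOptionsConfig::sameOrigin` over `disable`. `"/webjars/**"` appears twice in the array, and since the list never varies per instance the field reads better as `private static final String[] PERMITTED_URLS`. `securityFilterChain` continues past the end of the hunk, so the form-login and logout settings were not reviewed.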