- package fr.wolfdev.config
- import fr.wolfdev.security.ADMIN
- import fr.wolfdev.security.jwt.JWTConfigurer
- import fr.wolfdev.security.jwt.TokenProvider
- import org.springframework.context.annotation.Bean
- import org.springframework.context.annotation.Import
- import org.springframework.http.HttpMethod
- import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
- import org.springframework.security.config.annotation.web.builders.HttpSecurity
- import org.springframework.security.config.annotation.web.builders.WebSecurity
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
- import org.springframework.security.config.http.SessionCreationPolicy
- import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
- import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport
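/**
 * Spring Security setup for the REST API: stateless, token-authenticated requests
 * with Problem-style (zalando) error responses and a hardened set of response headers.
 *
 * Authentication and access-denied failures are rendered by [SecurityProblemSupport];
 * request authentication is added through [JWTConfigurer] built from [TokenProvider].
 *
 * NOTE(review): [WebSecurity] and [HttpMethod] are imported by this file but never
 * referenced; a `configure(web: WebSecurity)` override may have been dropped from this
 * listing — confirm against the original source.
 *
 * NOTE(review): [WebSecurityConfigurerAdapter] is deprecated in recent Spring Security
 * releases in favour of a `SecurityFilterChain` bean; migrate once the project's
 * Spring Security version allows it.
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport::class)
class SecurityConfiguration(
    private val tokenProvider: TokenProvider,
    private val problemSupport: SecurityProblemSupport
) : WebSecurityConfigurerAdapter() {

    /**
     * Configures the HTTP security filter chain.
     *
     * Authorization rules are matched top-down, first match wins: the specific
     * `/management/...` `permitAll` entries must therefore stay above the
     * catch-all `/management/**` rule, or they would be shadowed by it.
     *
     * @param http the builder supplied by Spring Security.
     * @throws Exception propagated from the Spring Security builder.
     */
    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        http
            // CSRF protection is disabled: sessions are stateless (see below) and the
            // client presents its own token on every request. This reasoning only holds
            // while the JWT is NOT delivered in a cookie the browser attaches automatically.
            .csrf()
            .disable()
            // Render 401/403 as Problem documents instead of the default error pages.
            .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
            .and()
            .headers()
            // NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src largely
            // negate the XSS mitigation a CSP provides for scripts; prefer nonces or
            // hashes once the front-end build allows it.
            .contentSecurityPolicy("default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:")
            .and()
            // Full URL sent only to same-origin targets; cross-origin targets receive
            // the origin only, and nothing on an HTTPS→HTTP downgrade.
            .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
            .and()
            // NOTE(review): the Feature-Policy header has been superseded by
            // Permissions-Policy; switch to permissionsPolicy() when the Spring Security
            // version in use offers it.
            .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'")
            .and()
            // Refuse to be framed by any origin (clickjacking defence).
            .frameOptions()
            .deny()
            .and()
            // No server-side session is created or used; every request must carry
            // its own credentials.
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/info").permitAll()
            // NOTE(review): unauthenticated metrics expose runtime details (endpoint
            // names, JVM and dependency information). Acceptable only if this path is
            // reachable solely from the scraper's network; otherwise require auth or
            // restrict it at the network layer.
            .antMatchers("/management/prometheus").permitAll()
            .antMatchers("/management/**").hasAuthority(ADMIN)
            .and()
            .apply(securityConfigurerAdapter())
    }

    /** Builds the [JWTConfigurer] that is applied to the chain, using [tokenProvider]. */
    private fun securityConfigurerAdapter() = JWTConfigurer(tokenProvider)
}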