  1. package fr.wolfdev.config
  2.  
  3. import fr.wolfdev.security.ADMIN
  4. import fr.wolfdev.security.jwt.JWTConfigurer
  5. import fr.wolfdev.security.jwt.TokenProvider
  6.  
  7. import org.springframework.context.annotation.Bean
  8. import org.springframework.context.annotation.Import
  9. import org.springframework.http.HttpMethod
  10. import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
  11. import org.springframework.security.config.annotation.web.builders.HttpSecurity
  12. import org.springframework.security.config.annotation.web.builders.WebSecurity
  13. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
  14. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
  15. import org.springframework.security.config.http.SessionCreationPolicy
  16. import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
  17. import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport
  18.  
  19. @EnableWebSecurity
  20. @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
  21. @Import(SecurityProblemSupport::class)
  22. class SecurityConfiguration(
  23.     private val tokenProvider: TokenProvider,
  24.     private val problemSupport: SecurityProblemSupport
  25. ) : WebSecurityConfigurerAdapter() {
  26.     }
  27.  
  28.     @Throws(Exception::class)
  29.     public override fun configure(http: HttpSecurity) {
  30.         http
  31.             .csrf()
  32.             .disable()
  33.             .exceptionHandling()
  34.             .authenticationEntryPoint(problemSupport)
  35.             .accessDeniedHandler(problemSupport)
  36.         .and()
  37.             .headers()
  38.             .contentSecurityPolicy("default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:")
  39.         .and()
  40.             .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
  41.         .and()
  42.             .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'")
  43.         .and()
  44.             .frameOptions()
  45.             .deny()
  46.         .and()
  47.             .sessionManagement()
  48.             .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
  49.         .and()
  50.             .authorizeRequests()
  51.             .antMatchers("/api/**").authenticated()
  52.             .antMatchers("/management/health").permitAll()
  53.             .antMatchers("/management/info").permitAll()
  54.             .antMatchers("/management/prometheus").permitAll()
  55.             .antMatchers("/management/**").hasAuthority(ADMIN)
  56.         .and()
  57.             .apply(securityConfigurerAdapter())
  58.     }
  59.  
  60.     private fun securityConfigurerAdapter() = JWTConfigurer(tokenProvider)
  61. }