#763: upgrade security configs
StephanStrehlerCGI committed Oct 27, 2023
1 parent d475ad3 commit da1366f
Showing 2 changed files with 27 additions and 30 deletions.
Expand Up @@ -18,12 +18,9 @@ public class NoSecurityConfiguration {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
return http
.authorizeExchange()
.anyExchange().permitAll()
.and()
.cors()
.and()
.csrf().disable()
.authorizeExchange(authorizeExchangeSpec -> authorizeExchangeSpec.anyExchange().permitAll())
.cors(corsSpec -> {})
.csrf(ServerHttpSecurity.CsrfSpec::disable)
.build();
}

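Review bot: The empty customizer `.cors(corsSpec -> {})` on the new side reads as if CORS were being switched off or left unconfigured, when it actually enables the CORS filter with no spec-level overrides, exactly as the old `.cors().and()` did; the idiomatic form in the lambda DSL is `.cors(Customizer.withDefaults())` (with `import org.springframework.security.config.Customizer;`), which states that intent explicitly. The same empty lambda appears in the SecurityConfiguration hunk of the second file. Since this chain still permits every exchange and disables CSRF, it is only acceptable under whatever profile or condition gates the class, which lies outside the hunk and is worth confirming in the same review.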
Expand Up @@ -39,36 +39,34 @@ public class SecurityConfiguration {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.logout()
.logout(logoutSpec -> {
//.logoutSuccessHandler(GatewayUtils.createLogoutSuccessHandler(LOGOUT_SUCCESS_URL))
.logoutSuccessHandler(new HttpStatusReturningServerLogoutSuccessHandler())
.logoutUrl(LOGOUT_URL)
.requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, LOGOUT_URL))
.and()
.authorizeExchange()
logoutSpec.logoutSuccessHandler(new HttpStatusReturningServerLogoutSuccessHandler())
.logoutUrl(LOGOUT_URL)
.requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, LOGOUT_URL));
})

.authorizeExchange(authorizeExchangeSpec -> {
// permitAll
.pathMatchers(HttpMethod.OPTIONS, "/api/**").permitAll()
.pathMatchers(LOGOUT_SUCCESS_URL).permitAll()
.pathMatchers("/api/*/info",
"/actuator/health",
"/actuator/info",
"/actuator/metrics").permitAll()
// only authenticated
.anyExchange().authenticated()
.and()
authorizeExchangeSpec.pathMatchers(HttpMethod.OPTIONS, "/api/**").permitAll()
.pathMatchers(LOGOUT_SUCCESS_URL).permitAll()
.pathMatchers("/api/*/info",
"/actuator/health",
"/actuator/info",
"/actuator/metrics").permitAll()
// only authenticated
.anyExchange().authenticated();
})
.cors(corsSpec -> {})
.csrf(csrfSpec -> {
/*
* The necessary subscription for csrf token attachment to {@link ServerHttpResponse}
* is done in class {@link CsrfTokenAppendingHelperFilter}.
*/
.csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
.and()
.cors()
.and()
.oauth2Login()
/*
* Set security session timeout.
*/
.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler() {
csrfSpec.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse());
})
.oauth2Login(oAuth2LoginSpec -> {
oAuth2LoginSpec.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler() {
@Override
public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
webFilterExchange.getExchange().getSession().subscribe(
Expand All @@ -77,6 +75,8 @@ public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, A
return super.onAuthenticationSuccess(webFilterExchange, authentication);
}
});
});

return http.build();
}

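Review bot: The migrated logout lambda carries commented-out code, `//.logoutSuccessHandler(GatewayUtils.createLogoutSuccessHandler(LOGOUT_SUCCESS_URL))`, into the new DSL; either delete it or replace it with a one-line comment stating why `HttpStatusReturningServerLogoutSuccessHandler` is used instead of a redirect to `LOGOUT_SUCCESS_URL`. Judging from the rendered order, the `Set security session timeout.` comment that preceded `.authenticationSuccessHandler(...)` in the old chain has no counterpart inside the new `oauth2Login` lambda, so the anonymous `RedirectServerAuthenticationSuccessHandler` override loses the only explanation of what its session subscription does; re-add it as `// Set security session timeout (see the session subscription below).` directly above `oAuth2LoginSpec.authenticationSuccessHandler(`. The empty `.cors(corsSpec -> {})` can become `.cors(Customizer.withDefaults())`, as in the first file. The override's body is split by a collapsed region and continues into the second hunk, so its full logic is not reviewable here.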
