50 lines
1.7 KiB
Java
50 lines
1.7 KiB
Java
package eu.openaire.urls_worker.security;
|
|
|
|
import org.slf4j.Logger;
|
|
import org.slf4j.LoggerFactory;
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
|
|
|
|
@Configuration
|
|
@EnableWebSecurity
|
|
@EnableGlobalMethodSecurity (
|
|
securedEnabled = false, // Just for now..
|
|
jsr250Enabled = true,
|
|
prePostEnabled = true
|
|
)
|
|
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|
|
|
private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);
|
|
|
|
|
|
// Defines which resources are public and which are secured.
|
|
@Override
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
http
|
|
.headers()
|
|
.frameOptions()
|
|
.sameOrigin()
|
|
.and()
|
|
.cors()
|
|
.and()
|
|
.csrf()
|
|
.disable()
|
|
.exceptionHandling()
|
|
.and()
|
|
.sessionManagement()
|
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
|
.and()
|
|
.authorizeRequests()
|
|
.antMatchers("/**").permitAll()
|
|
//.anyRequest().authenticated()
|
|
//.and()
|
|
//.requiresChannel()
|
|
//.anyRequest().requiresSecure()
|
|
;
|
|
}
|
|
} |