remove special health security check because this can be made with
spring security out-of-the box Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>
This commit is contained in:
@@ -271,20 +271,6 @@ public class SecurityManagedConfiguration {
|
|||||||
return filterRegBean;
|
return filterRegBean;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Security configuration for the REST management API of the health url.
|
|
||||||
*/
|
|
||||||
@Configuration
|
|
||||||
@Order(310)
|
|
||||||
public static class HealthSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(final HttpSecurity http) throws Exception {
|
|
||||||
http.regexMatcher("/system/health").csrf().disable().httpBasic().and().sessionManagement()
|
|
||||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Security configuration for the REST management API.
|
* Security configuration for the REST management API.
|
||||||
*/
|
*/
|
||||||
@@ -310,7 +296,7 @@ public class SecurityManagedConfiguration {
|
|||||||
final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
|
final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
|
||||||
basicAuthEntryPoint.setRealmName(springSecurityProperties.getBasic().getRealm());
|
basicAuthEntryPoint.setRealmName(springSecurityProperties.getBasic().getRealm());
|
||||||
|
|
||||||
HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system.*").csrf().disable();
|
HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
|
||||||
if (springSecurityProperties.isRequireSsl()) {
|
if (springSecurityProperties.isRequireSsl()) {
|
||||||
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
|
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
|
||||||
}
|
}
|
||||||
@@ -337,9 +323,7 @@ public class SecurityManagedConfiguration {
|
|||||||
SessionManagementFilter.class)
|
SessionManagementFilter.class)
|
||||||
.authorizeRequests().anyRequest().authenticated()
|
.authorizeRequests().anyRequest().authenticated()
|
||||||
.antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
.antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
||||||
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
|
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN);
|
||||||
.antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/**")
|
|
||||||
.hasAnyAuthority(SpPermission.SYSTEM_DIAG);
|
|
||||||
|
|
||||||
httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint);
|
httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user