Skip to content

Commit

Permalink
Allow web config fetch api without token
Browse files Browse the repository at this point in the history
  • Loading branch information
Marchosiax committed Oct 22, 2023
1 parent 5520012 commit 200d4bf
Showing 1 changed file with 4 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import org.springframework.beans.factory.annotation.Value
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Profile
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.oauth2.jwt.JwtDecoder
Expand All @@ -23,9 +24,10 @@ class SecurityConfig {
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/actuator/**").permitAll()
.requestMatchers("/web/**").hasRole("SCOPE_trust", "admin_system")
.requestMatchers("/user/**").hasAuthority("SCOPE_trust")
.requestMatchers(HttpMethod.GET, "/web/v1").permitAll()
.requestMatchers("/web/**").hasRole("SCOPE_trust", "admin_system")
.requestMatchers("/actuator/**").permitAll()
.and()
.oauth2ResourceServer()
.jwt()
Expand Down

0 comments on commit 200d4bf

Please sign in to comment.