Merge remote-tracking branch 'upstream/master'
# Conflicts: # pom.xml # spring-cloud/spring-cloud-bootstrap/config/src/main/java/com/baeldung/spring/cloud/bootstrap/config/SecurityConfig.java # spring-cloud/spring-cloud-bootstrap/discovery/src/main/java/com/baeldung/spring/cloud/bootstrap/discovery/SecurityConfig.java # spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/bootstrap/gateway/SecurityConfig.java # spring-cloud/spring-cloud-bootstrap/resource/src/main/java/com/baeldung/spring/cloud/bootstrap/resource/SecurityConfig.java
This commit is contained in:
tschiman
@@ -15,37 +15,51 @@ import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
@Order(1)
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication().withUser("discUser").password("discPassword").roles("SYSTEM");
|
||||
@Autowired
|
||||
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
|
||||
auth.inMemoryAuthentication().withUser("discUser").password("discPassword").roles("SYSTEM");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.sessionManagement()
|
||||
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
|
||||
.and()
|
||||
.requestMatchers()
|
||||
.antMatchers("/eureka/**")
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/eureka/**").hasRole("SYSTEM")
|
||||
.anyRequest().denyAll()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.and()
|
||||
.csrf()
|
||||
.disable();
|
||||
}
|
||||
|
||||
@Configuration
|
||||
//no order tag means this is the last security filter to be evaluated
|
||||
public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
|
||||
.requestMatchers().antMatchers("/eureka/**").and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/eureka/**").hasRole("SYSTEM")
|
||||
.anyRequest().denyAll().and()
|
||||
.httpBasic().and()
|
||||
.csrf().disable();
|
||||
}
|
||||
|
||||
@Configuration
|
||||
//no order tag means this is the last security filter to be evaluated
|
||||
public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).and()
|
||||
.httpBasic().disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers(HttpMethod.GET, "/").hasRole("ADMIN")
|
||||
.antMatchers("/info", "/health").authenticated()
|
||||
.anyRequest().denyAll().and()
|
||||
.csrf().disable();
|
||||
}
|
||||
@Override protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.sessionManagement()
|
||||
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
|
||||
.and()
|
||||
.httpBasic()
|
||||
.disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers(HttpMethod.GET, "/").hasRole("ADMIN")
|
||||
.antMatchers("/info","/health").authenticated()
|
||||
.anyRequest().denyAll()
|
||||
.and()
|
||||
.csrf()
|
||||
.disable();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user