diff options
author | Vitaly Takmazov | 2023-05-11 02:45:57 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2023-05-11 03:31:57 +0300 |
commit | 10e9371bb27ccae7b4c0efddb95deebfc7fe507b (patch) | |
tree | 21560b6129f019f5e0e86a726dc170877012793c /src/main/java/com | |
parent | bf14c99821615d9921940f9879866836767b39c3 (diff) |
Fix Actuator security configuration
Diffstat (limited to 'src/main/java/com')
-rw-r--r-- | src/main/java/com/juick/config/SecurityConfig.java | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java index 41992e03..8a41ab5b 100644 --- a/src/main/java/com/juick/config/SecurityConfig.java +++ b/src/main/java/com/juick/config/SecurityConfig.java @@ -242,7 +242,6 @@ public class SecurityConfig { .requestMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/comment") .authenticated() - .requestMatchers("/actuator/**").hasRole("ADMIN") .anyRequest().permitAll()) .anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER) .authorities(JuickUser.ANONYMOUS_AUTHORITY)) @@ -267,4 +266,10 @@ public class SecurityConfig { .headers().defaultsDisabled().cacheControl(); return http.build(); } + @Bean + public SecurityFilterChain securityWebFilterChain( + HttpSecurity http) throws Exception { + return http.securityMatcher("/actuator/**") + .authorizeHttpRequests(authorize -> authorize.anyRequest().hasRole("ADMIN")).build(); + } } |