WebSecurityConfiguration.kt 1.04 KiB
package de.fraunhofer.iem.dataprovider
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.web.SecurityFilterChain
/**
 * Spring Security setup for the data provider.
 *
 * Declares the [SecurityFilterChain] bean built by [filterChain].
 */
@Configuration
@EnableWebSecurity
class WebSecurityConfiguration {

    /**
     * Builds the HTTP security filter chain.
     *
     * Three settings are applied to [http]: one authorization rule, CORS support with
     * default settings, and disabled CSRF protection.
     *
     * @param http the builder supplied by Spring Security
     * @return the filter chain produced by [HttpSecurity.build]
     */
    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        // Unauthenticated POSTs to the webhook endpoint are let through. permitAll()
        // applies no authentication, so the handler behind this path has to verify the
        // caller itself (for GitLab webhooks typically the secret sent in the
        // X-Gitlab-Token header). That check is not visible in this class -- confirm it.
        // NOTE(review): no rule is declared for any other request; confirm the intended
        // default and consider stating it with an explicit anyRequest() rule.
        http.authorizeHttpRequests { rules ->
            rules.requestMatchers(HttpMethod.POST, "/gitlab/repoChanged").permitAll()
        }

        // TODO: CORS is enabled for dev purposes only!
        // The allowed origins are not defined in this class; review whatever CORS
        // configuration the application supplies before this reaches production.
        http.cors { }

        // CSRF protection is switched off, following
        // https://www.baeldung.com/spring-security-csrf#stateless-spring-api
        // ("If our stateless API uses token-based authentication, such as JWT, we don't
        // need CSRF protection, and we must disable it as we saw earlier.").
        // NOTE(review): that reasoning only holds while no cookie- or session-based
        // authentication is in use. Neither token authentication nor a stateless session
        // policy is configured in this class -- confirm before relying on it.
        http.csrf { csrf -> csrf.disable() }

        return http.build()
    }
}