Fix security

783e2dc9 · Ruben Backx · 8d93d6c9 · 783e2dc9 · 783e2dc9
Commit 783e2dc9 authored 3 months ago by Ruben Backx
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -10,7 +10,7 @@ version = "1.1.0"
 val javaVersion = JavaVersion.VERSION_21

 val labradoorVersion = "1.7.0"
-val libradorVersion = "1.5.0"
+val libradorVersion = "1.4.1"
 val chihuahUIVersion = "1.2.2"
 val commonsVersion = "3.2.2"
 val jaegerVersion = "3.3.1"

--- a/src/main/java/nl/tudelft/portal/security/PortalSecurityConfigurerAdapter.java
+++ b/src/main/java/nl/tudelft/portal/security/PortalSecurityConfigurerAdapter.java
@@ -17,43 +17,23 @@
 */
 package nl.tudelft.portal.security;

-import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;
-
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

 import nl.tudelft.labracore.lib.security.LabradorSecurityConfig;

-// import static org.springframework.security.web.util.matcher.
-// .AntPathRequestMatcher.antMatcher;
-
+@Order(22)
 @Configuration
-//@RequiredArgsConstructor
-//@EnableWebMvc
-@EnableMethodSecurity
-@EnableWebSecurity
 public class PortalSecurityConfigurerAdapter extends LabradorSecurityConfig {

 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		//		MvcRequestMatcher.Builder mvcMatcherBuilder = new MvcRequestMatcher.Builder(introspector).servletPath("/path");
-		// Homepage can be loaded without authentication, but all other request need authentication first
 		http
 				.authorizeHttpRequests(auth -> auth
-						.requestMatchers(antMatcher("/")).permitAll()
-						.requestMatchers(antMatcher("/font/**")).permitAll()
-						.requestMatchers(antMatcher("/css/**")).permitAll()
-						.requestMatchers(antMatcher("/js/**")).permitAll()
-						.requestMatchers(antMatcher("/img/**")).permitAll()
-						.requestMatchers(antMatcher("/webjars/**")).permitAll()
-						.requestMatchers(antMatcher("/privacy")).permitAll()
-						.requestMatchers(antMatcher("/error/**")).permitAll()
-						.requestMatchers(antMatcher("/favicon.ico")).permitAll()
-						.requestMatchers(antMatcher("/h2-console")).permitAll()
-						.anyRequest()
-						.authenticated());
-		//		return http.build();
+						.requestMatchers("/", "/font/**", "/css/**", "/js/**", "/img/**", "/webjars/**",
+								"/privacy", "/error/**", "/favicon.ico")
+						.permitAll()
+						.anyRequest().authenticated());
 	}
 }