sombochea/spring-boot-realworld-example-app
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Only enable security config for h2-console when property is set

Browse Source
This commit is contained in:
Dario Seidl 2018-04-10 11:31:51 +02:00
parent 7e9b018d7e
commit 8ff2ebdf5e
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/main/java/io/spring/api/security/WebSecurityConfig.java
View File

@ -1,5 +1,6 @@
package io.spring.api.security; package io.spring.api.security;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint; import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -18,6 +19,10 @@ import static java.util.Arrays.asList;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${spring.h2.console.enabled:false}")
private boolean h2ConsoleEnabled;
@Bean @Bean
public JwtTokenFilter jwtTokenFilter() { public JwtTokenFilter jwtTokenFilter() {
return new JwtTokenFilter(); return new JwtTokenFilter();
@ -25,6 +30,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
if (h2ConsoleEnabled)
http.authorizeRequests()
.antMatchers("/h2-console", "/h2-console/**").permitAll()
.and()
.headers().frameOptions().sameOrigin();
http.csrf().disable() http.csrf().disable()
.cors() .cors()
.and() .and()
@ -36,11 +48,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers(HttpMethod.GET, "/articles/feed").authenticated() .antMatchers(HttpMethod.GET, "/articles/feed").authenticated()
.antMatchers(HttpMethod.POST, "/users", "/users/login").permitAll() .antMatchers(HttpMethod.POST, "/users", "/users/login").permitAll()
.antMatchers(HttpMethod.GET, "/articles/**", "/profiles/**", "/tags").permitAll() .antMatchers(HttpMethod.GET, "/articles/**", "/profiles/**", "/tags").permitAll()
.antMatchers("/h2-console", "/h2-console/**") .anyRequest().authenticated();
.permitAll()
.anyRequest().authenticated()
.and()
.headers().frameOptions().sameOrigin();
http.addFilterBefore(jwtTokenFilter(), UsernamePasswordAuthenticationFilter.class); http.addFilterBefore(jwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
} }

3
src/main/resources/application.properties
View File

@ -5,4 +5,5 @@ jwt.sessionTime=86400
mybatis.config-location=classpath:mybatis-config.xml mybatis.config-location=classpath:mybatis-config.xml
mybatis.mapper-locations=mapper/*.xml mybatis.mapper-locations=mapper/*.xml
logging.level.io.spring.infrastructure.mybatis.readservice.ArticleReadService=DEBUG logging.level.io.spring.infrastructure.mybatis.readservice.ArticleReadService=DEBUG
spring.h2.console.enabled=true # Uncomment the following line to enable and allow access to the h2-console
#spring.h2.console.enabled=true