From 18a6eac9a797f790b81fbe55686806dbe9dca39e Mon Sep 17 00:00:00 2001 From: Martin Ledvinka Date: Fri, 15 Sep 2023 14:51:58 +0200 Subject: [PATCH] [Fix] Fix security matcher configuration broken with update to Spring Security 6. --- .../java/cz/cvut/kbss/termit/config/SecurityConfig.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/cz/cvut/kbss/termit/config/SecurityConfig.java b/src/main/java/cz/cvut/kbss/termit/config/SecurityConfig.java index 799309643..9ae7ba447 100644 --- a/src/main/java/cz/cvut/kbss/termit/config/SecurityConfig.java +++ b/src/main/java/cz/cvut/kbss/termit/config/SecurityConfig.java @@ -47,6 +47,8 @@ import java.util.Arrays; import java.util.Collections; +import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher; + @ConditionalOnProperty(prefix = "termit.security", name = "provider", havingValue = "internal", matchIfMissing = true) @Configuration @EnableWebSecurity @@ -88,8 +90,8 @@ public SecurityConfig(AuthenticationProvider authenticationProvider, public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { LOG.debug("Using internal security mechanisms."); final AuthenticationManager authManager = buildAuthenticationManager(http); - http.authorizeHttpRequests((auth) -> auth.requestMatchers("/rest/query").permitAll() - .requestMatchers("/**").permitAll()) + http.authorizeHttpRequests((auth) -> auth.requestMatchers(antMatcher("/rest/query")).permitAll() + .requestMatchers(antMatcher("/**")).permitAll()) .cors((auth) -> auth.configurationSource(corsConfigurationSource())) .csrf(AbstractHttpConfigurer::disable) .exceptionHandling(ehc -> ehc.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))