Skip to content

Commit

Permalink
fix security configuration
Browse files Browse the repository at this point in the history
  • Loading branch information
kozjan committed Sep 6, 2023
1 parent cdb9c48 commit 620b841
Showing 1 changed file with 2 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,13 @@ package pl.allegro.tech.servicemesh.envoycontrol.chaos.api
import org.springframework.boot.context.properties.ConfigurationProperties
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.http.HttpStatus
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.util.matcher.AntPathRequestMatcher
import org.springframework.web.bind.annotation.DeleteMapping
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.PathVariable
Expand Down Expand Up @@ -67,8 +65,8 @@ class ChaosController(val chaosService: ChaosService) {
http {
httpBasic { }
authorizeHttpRequests {
authorize(AntPathRequestMatcher("/chaos/fault/**", HttpMethod.POST.name()), hasRole("CHAOS"))
authorize(anyRequest, permitAll) // todo: ???
authorize("/chaos/fault/**", hasRole("CHAOS"))
authorize("/actuator/health", permitAll)
}
csrf { disable() }
formLogin { disable() }
Expand Down

0 comments on commit 620b841

Please sign in to comment.