From a66aeb11573a6b9c12f758175b9b61207d465338 Mon Sep 17 00:00:00 2001 From: Tim Schimandle Date: Tue, 18 Oct 2016 21:07:52 -0600 Subject: [PATCH] BAEL-315 Change some security settings to allow discovery server operations. Copy static files from the eureka project to the zuul filter to display the discovery dashboard through the proxy. --- .../bootstrap/discovery/SecurityConfig.java | 42 ++++++++++++++++--- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/spring-cloud/spring-cloud-bootstrap/discovery/src/main/java/com/baeldung/spring/cloud/bootstrap/discovery/SecurityConfig.java b/spring-cloud/spring-cloud-bootstrap/discovery/src/main/java/com/baeldung/spring/cloud/bootstrap/discovery/SecurityConfig.java index 780d20e573..5bfd3a3b38 100644 --- a/spring-cloud/spring-cloud-bootstrap/discovery/src/main/java/com/baeldung/spring/cloud/bootstrap/discovery/SecurityConfig.java +++ b/spring-cloud/spring-cloud-bootstrap/discovery/src/main/java/com/baeldung/spring/cloud/bootstrap/discovery/SecurityConfig.java @@ -2,14 +2,17 @@ package com.baeldung.spring.cloud.bootstrap.discovery; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; +import org.springframework.core.annotation.Order; import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.http.SessionCreationPolicy; @Configuration @EnableWebSecurity +@Order(1) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired @@ -23,14 +26,43 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http + .sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.ALWAYS) + .and() + .requestMatchers() + .antMatchers("/eureka/**") + .and() .authorizeRequests() - .antMatchers("/eureka/js/**","/eureka/css/**","/eureka/images/**","/eureka/fonts/**").authenticated() .antMatchers("/eureka/**").hasRole("SYSTEM") - .antMatchers(HttpMethod.GET, "/").hasRole("ADMIN") - .anyRequest().authenticated() - .and() + .anyRequest().denyAll() + .and() + .httpBasic() + .and() + .csrf().disable(); + } + + @Configuration + //no order tag means this is the last security filter to be evaluated + public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter { + + @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + auth.inMemoryAuthentication(); + } + + @Override protected void configure(HttpSecurity http) throws Exception { + http + .sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.NEVER) + .and() .httpBasic() - .and() + .disable() + .authorizeRequests() + .antMatchers(HttpMethod.GET, "/").hasRole("ADMIN") + .antMatchers("/info","/health").authenticated() + .antMatchers("/eureka/js/**", "/eureka/css/**", "/eureka/images/**", "/eureka/fonts/**").authenticated() + .anyRequest().denyAll() + .and() .csrf().disable(); + } } }