|
11 | 11 | import com.digirati.elucidate.repository.security.GroupRepository; |
12 | 12 | import com.digirati.elucidate.repository.security.UserRepository; |
13 | 13 | import org.apache.commons.lang3.StringUtils; |
| 14 | +import org.springframework.http.HttpMethod; |
14 | 15 | import org.springframework.beans.factory.annotation.Autowired; |
15 | 16 | import org.springframework.beans.factory.annotation.Qualifier; |
16 | 17 | import org.springframework.beans.factory.annotation.Value; |
|
19 | 20 | import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; |
20 | 21 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
21 | 22 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; |
22 | | -import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; |
23 | 23 | import org.springframework.security.config.http.SessionCreationPolicy; |
24 | 24 | import org.springframework.security.jwt.crypto.sign.MacSigner; |
25 | 25 | import org.springframework.security.jwt.crypto.sign.RsaVerifier; |
@@ -69,11 +69,17 @@ public class AuthConfig implements ResourceServerConfigurer { |
69 | 69 | private String uidProperties; |
70 | 70 |
|
71 | 71 | /** |
72 | | - * The public key used to verify a tokens signature. |
| 72 | + * Is auth enabled? |
73 | 73 | */ |
74 | 74 | @Value("${auth.enabled:false}") |
75 | 75 | private boolean authEnabled; |
76 | 76 |
|
| 77 | + /** |
| 78 | + * Allow anonymous access to /w3c/* and /oa/* endpoints even when auth is enabled? |
| 79 | + */ |
| 80 | + @Value("${auth.anonReadAccess:false}") |
| 81 | + private boolean anonReadAccess; |
| 82 | + |
77 | 83 | /** |
78 | 84 | * The URL scheme that will be used in the OAuth2 resource id. |
79 | 85 | */ |
@@ -119,16 +125,30 @@ public void configure(ResourceServerSecurityConfigurer resources) throws Excepti |
119 | 125 |
|
120 | 126 | @Override |
121 | 127 | public void configure(HttpSecurity http) throws Exception { |
122 | | - ExpressionUrlAuthorizationConfigurer.AuthorizedUrl authorizationConfigurer = http |
123 | | - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) |
124 | | - .and() |
125 | | - .authorizeRequests() |
126 | | - .anyRequest(); |
127 | | - |
128 | | - if (authEnabled) { |
129 | | - authorizationConfigurer.authenticated(); |
| 128 | + HttpSecurity authorizationConfigurer = http |
| 129 | + .sessionManagement() |
| 130 | + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) |
| 131 | + .and(); |
| 132 | + |
| 133 | + if (authEnabled && anonReadAccess) { |
| 134 | + authorizationConfigurer |
| 135 | + .authorizeRequests() |
| 136 | + .antMatchers(HttpMethod.GET, "/w3c/**", "/oa/**") |
| 137 | + .permitAll() |
| 138 | + .and() |
| 139 | + .authorizeRequests() |
| 140 | + .anyRequest() |
| 141 | + .authenticated(); |
| 142 | + } else if (authEnabled) { |
| 143 | + authorizationConfigurer |
| 144 | + .authorizeRequests() |
| 145 | + .anyRequest() |
| 146 | + .authenticated(); |
130 | 147 | } else { |
131 | | - authorizationConfigurer.permitAll(); |
| 148 | + authorizationConfigurer |
| 149 | + .authorizeRequests() |
| 150 | + .anyRequest() |
| 151 | + .permitAll(); |
132 | 152 | } |
133 | 153 | } |
134 | 154 |
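Review bot: The `permitAll()` rule at new lines 136–137 opens every GET under `/w3c/**` and `/oa/**` to unauthenticated callers, so any per-user or per-group restriction on reading annotations now rests entirely on checks made after the URL filter. The hunk does not show whether the method-level security suggested by the `EnableGlobalMethodSecurity` import handles an anonymous principal, so that should be confirmed and covered by a test before the flag is enabled in a deployment. The Javadoc on `anonReadAccess` understates the scope (it says `/w3c/*` and `/oa/*` and omits the HTTP method); I would write `Allow anonymous GET access to /w3c/** and /oa/** even when auth is enabled? Has no effect when auth.enabled is false.` On style, the `.and().authorizeRequests()` in the first branch is redundant because `.anyRequest().authenticated()` can follow `.permitAll()` directly, and the local `authorizationConfigurer` now holds an `HttpSecurity`, so its name no longer fits.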
|
|