fix: Ensure /websocket/tracker/ cant bypass

Refer: jhipster/generator-jhipster#13440
jhipster · Apr 18, 2021 · b7fe440 · b7fe440
1 parent b59bdf9
commit b7fe440
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/generators/server/templates/src/main/kotlin/package/config/SecurityConfiguration.kt.ejs b/generators/server/templates/src/main/kotlin/package/config/SecurityConfiguration.kt.ejs
@@ -253,8 +253,7 @@ class SecurityConfiguration(
             .antMatchers("/api/admin/**").hasAuthority(ADMIN)
             .antMatchers("/api/**").authenticated()
             <%_ if (websocket === 'spring-websocket') { _%>
-            .antMatchers("/websocket/tracker").hasAuthority(ADMIN)
-            .antMatchers("/websocket/**").permitAll()
+            .antMatchers("/websocket/**").authenticated()
             <%_ } _%>
             .antMatchers("/management/health").permitAll()
             .antMatchers("/management/health/**").permitAll()

diff --git a/generators/server/templates/src/main/kotlin/package/config/UaaConfiguration.kt.ejs b/generators/server/templates/src/main/kotlin/package/config/UaaConfiguration.kt.ejs
@@ -103,7 +103,8 @@ class UaaConfiguration(
                 .antMatchers("/api/authenticate").permitAll()
                 .antMatchers("/api/account/reset-password/init").permitAll()
                 .antMatchers("/api/account/reset-password/finish").permitAll()
-                .antMatchers("/api/**").authenticated()
+                .antMatchers("/api/**").authenticated()<% if (websocket === 'spring-websocket') { %>
+                .antMatchers("/websocket/**").authenticated()<% } %>
                 .antMatchers("/management/health").permitAll()
                 .antMatchers("/management/health/**").permitAll()
                 .antMatchers("/management/**").hasAuthority(ADMIN)