Change security filters to protect config endpoints

@JulienMrgrd I'm not sure why you changed them in the first place, can you check this code? Fix #150
jhipster · Jun 19, 2017 · 7ff2087 · 7ff2087
1 parent ba78bf8
commit 7ff2087
Showing 1 changed file with 5 additions and 9 deletions.
diff --git a/src/main/java/io/github/jhipster/registry/config/SecurityConfiguration.java b/src/main/java/io/github/jhipster/registry/config/SecurityConfiguration.java
@@ -33,10 +33,7 @@ public void configure(WebSecurity web) throws Exception {
         web.ignoring()
             .antMatchers(HttpMethod.OPTIONS, "/**")
             .antMatchers("/app/**/*.{js,html}")
-            .antMatchers("/bower_components/**")
-            .antMatchers("/content/**")
-            .antMatchers("/test/**")
-            .antMatchers("/h2-console/**");
+            .antMatchers("/content/**");
     }
 
     @Override
@@ -58,14 +55,13 @@ protected void configure(HttpSecurity http) throws Exception {
             .realmName("JHipster Registry")
         .and()
             .authorizeRequests()
-            .antMatchers("/**").permitAll() // cannot reconnect without this line
-            .antMatchers("/api/**").authenticated()
-            .antMatchers("/api/authenticate").permitAll()
             .antMatchers("/eureka/**").hasAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/config/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/management/health").permitAll()
+            .antMatchers("/api/authenticate").permitAll()
+            .antMatchers("/api/**").authenticated()
             .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .anyRequest().authenticated() // always at the end
+            .antMatchers("/*").permitAll()
+            .anyRequest().authenticated()
         .and()
             .apply(securityConfigurerAdapter());
     }