Java tutorial
/******************************************************************************* * Copyright (c) 2016 Ruth Motza <rm{a}sernet{dot}de>. * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation, either version 3 * of the License, or (at your option) any later version. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. * If not, see <http://www.gnu.org/licenses/>. * * Contributors: * Ruth Motza <rm{a}sernet{dot}de> - initial API and implementation ******************************************************************************/ package org.verinice.rest.security; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** * Spring security configuration. See: * http://ryanjbaxter.com/2015/01/06/securing-rest-apis-with-spring-boot/ * * @author Ruth Motza {@literal <rm[at]sernet[dot]de>} */ @EnableWebSecurity @Configuration class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { // At the moment there are no unsecured services private final String[] unsecuredResources = {}; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers(unsecuredResources).permitAll(); http.authorizeRequests().anyRequest().fullyAuthenticated().and().httpBasic().and().csrf().disable(); } }