| | |
|---|
| | | package com.pollex.pam.config; |
|---|
| | | |
|---|
| | | import com.pollex.pam.security.*; |
|---|
| | | import com.pollex.pam.business.security.AuthoritiesConstants; |
|---|
| | | import com.pollex.pam.security.jwt.*; |
|---|
| | | import org.springframework.context.annotation.Bean; |
|---|
| | | import org.springframework.context.annotation.Import; |
|---|
| | |
|---|
| | | .and() |
|---|
| | | .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN) |
|---|
| | | .and() |
|---|
| | | .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()") |
|---|
| | | .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'") |
|---|
| | | .and() |
|---|
| | | .frameOptions() |
|---|
| | | .deny() |
|---|
| | | .and() |
|---|
| | | .sessionManagement() |
|---|
| | | .sessionCreationPolicy(SessionCreationPolicy.STATELESS) |
|---|
| | | .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) |
|---|
| | | .and() |
|---|
| | | .authorizeRequests() |
|---|
| | | .antMatchers("/api/access_analysis/**").permitAll() |
|---|
| | | .antMatchers("/api/authenticate").permitAll() |
|---|
| | | .antMatchers("/api/logout").permitAll() |
|---|
| | | .antMatchers("/api/register").permitAll() |
|---|
| | | .antMatchers("/api/activate").permitAll() |
|---|
| | | .antMatchers("/api/testLogin/**").permitAll() |
|---|
| | | .antMatchers("/api/test/sendMsg/**").permitAll() |
|---|
| | | .antMatchers("/api/otp/**").permitAll() |
|---|
| | | .antMatchers("/api/login/validate/**").permitAll() |
|---|
| | | .antMatchers("/api/eService/authenticate/**").permitAll() |
|---|
| | | .antMatchers("/api/account/reset-password/init").permitAll() |
|---|
| | | .antMatchers("/api/account/reset-password/finish").permitAll() |
|---|
| | | .antMatchers("/api/consultant/recommend").permitAll() |
|---|
| | | .antMatchers("/api/consultant/detail").permitAll() |
|---|
| | | .antMatchers("/api/consultant/fastQuery").permitAll() |
|---|
| | | .antMatchers("/api/consultant/strictQuery").permitAll() |
|---|
| | | .antMatchers("/api/consultant/avatar/**").permitAll() |
|---|
| | | .antMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN) |
|---|
| | | .antMatchers("/api/**").authenticated() |
|---|
| | | .antMatchers("/websocket/**").authenticated() |
|---|
