neviyn/ObservationDatabase
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

More strictly defined authenticated routes.

Browse Source
This commit is contained in:
neviyn 2018-10-08 11:44:05 +01:00
parent 65070275a3
commit 9e198fdaa5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/main/kotlin/uk/co/neviyn/observationdatabase/Security.kt
View File

@ -38,7 +38,7 @@ class CustomWebSecurityConfigurerAdapter : WebSecurityConfigurerAdapter() {
@Throws(Exception::class) @Throws(Exception::class)
override fun configure(http: HttpSecurity) { override fun configure(http: HttpSecurity) {
http.csrf().disable().authorizeRequests() http.csrf().disable().authorizeRequests()
.antMatchers(HttpMethod.POST, "/api/**").authenticated() .antMatchers(HttpMethod.POST, "/api/site", "/api/tutor", "/api/observation").authenticated()
.anyRequest().permitAll() .anyRequest().permitAll()
.and() .and()
.httpBasic() .httpBasic()