Last active
October 10, 2018 14:00
-
-
Save artem-smotrakov/6ac47bbddffe30e63c01e0863c4d1f04 to your computer and use it in GitHub Desktop.
Restricting access by HTTP method may lead to a problem, see more in https://blog.gypsyengineer.com/en/security/tips-configuring-security-rest-api-spring.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Configuration | |
| @EnableWebSecurity | |
| public class SecurityConfig extends WebSecurityConfigurerAdapter { | |
| @Override | |
| protected void configure(HttpSecurity http) throws Exception { | |
| // ... | |
| http.authorizeRequests() | |
| .antMatchers(HttpMethod.GET).access("#oauth2.hasScope('get')") | |
| .antMatchers(HttpMethod.POST).access(""#oauth2.hasScope('post')"") | |
| .antMatchers(HttpMethod.PUT).access(""#oauth2.hasScope('put')"") | |
| .antMatchers(HttpMethod.DELETE).access(""#oauth2.hasScope('delete')"") | |
| .antMatchers(HttpMethod.PATCH).access(""#oauth2.hasScope('patch')"") | |
| .antMatchers(HttpMethod.OPTIONS).access(""#oauth2.hasScope('options')"") | |
| .antMatchers(HttpMethod.TRACE).access(""#oauth2.hasScope('trace')""); | |
| // did we forget anything? | |
| // ... | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment