Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
@EnableWebSecurity
public class SecurityConfig {
@Value("${security.enabled:false}")
private Boolean security_enabled;
@Configuration
@Order(1)
public class BasicSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/googleToken").authorizeRequests().anyRequest().permitAll();
http.csrf().disable();
}
}
@Configuration
@Order(2)
public class JwtSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${jwtSecret}")
private String jwtSecret;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterAfter(new JWTFilter(jwtSecret), BasicAuthenticationFilter.class);
http.authorizeRequests()
.antMatchers("/actuator/*").hasAuthority("ACTUATOR")
.antMatchers("/**").permitAll();
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment