package ru.digitalbanana.demoresourceserver.config;
|
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
import org.springframework.http.HttpMethod;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
|
@Configuration
|
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
@Override
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
http.cors()
|
|
.and()
|
|
.authorizeRequests()
|
|
.antMatchers(HttpMethod.GET, "/userinfo", "/user/**")
|
|
.authenticated()
|
|
// .hasAuthority("SCOPE_web-api")
|
|
.anyRequest()
|
|
.authenticated()
|
|
.and()
|
|
.oauth2ResourceServer()
|
|
.jwt();
|
|
}
|
|
}
|