micord/ervu-lkrp-ul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SUPPORT-9110: temp removing file-upload

Browse source
This commit is contained in:
adel.kalimullin 2025-04-11 12:33:41 +03:00
parent d7aa38bb57
commit e9a82a9767
1 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java
View file

@ -33,6 +33,7 @@ public class SecurityConfig {
private static final String[] PERMIT_ALL = new String[] {
"/version", "/esia/url", "/esia/auth", "esia/refresh", "/esia/logout"
};
private static final String DENY_ALL = "/employee/document";
@Autowired
private JwtAuthenticationFilter jwtAuthenticationFilter;
@Autowired
@ -57,11 +58,11 @@ public class SecurityConfig {
// Use only the handle() method of XorCsrfTokenRequestAttributeHandler and the
// default implementation of resolveCsrfTokenValue() from CsrfTokenRequestHandler
CsrfTokenRequestHandler requestHandler = delegate::handle;
http.authorizeHttpRequests(
(authorizeHttpRequests) -> authorizeHttpRequests.requestMatchers(PERMIT_ALL)
.permitAll()
.anyRequest()
.authenticated())
http.authorizeHttpRequests((authorizeHttpRequests) -> authorizeHttpRequests
.requestMatchers(DENY_ALL).denyAll()
.requestMatchers(PERMIT_ALL).permitAll()
.anyRequest().authenticated()
)
.csrf((csrf) -> csrf.csrfTokenRepository(tokenRepository)
.csrfTokenRequestHandler(requestHandler)
.sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy()))