From 3c5b2dfa66b54403fd89c11c4c23f17b054f7ce6 Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Sun, 24 Sep 2023 11:36:22 +0900 Subject: [PATCH] =?UTF-8?q?feat:=20=E3=82=BB=E3=82=AD=E3=83=A5=E3=83=AA?= =?UTF-8?q?=E3=83=86=E3=82=A3=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92=E4=BF=AE?= =?UTF-8?q?=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../kotlin/dev/usbharu/hideout/config/SecurityConfig.kt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt index a09dbd43..aaa2746e 100644 --- a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt +++ b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt @@ -15,7 +15,6 @@ import org.springframework.core.annotation.Order import org.springframework.security.config.Customizer import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity -import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity import org.springframework.security.core.Authentication import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder import org.springframework.security.crypto.password.PasswordEncoder @@ -35,7 +34,6 @@ import java.security.interfaces.RSAPublicKey import java.util.* @EnableWebSecurity(debug = true) -@EnableWebFluxSecurity() @Configuration class SecurityConfig { @@ -70,9 +68,11 @@ class SecurityConfig { builder.pattern("/inbox"), builder.pattern("/api/v1/apps"), builder.pattern("/api/v1/instance/**"), - builder.pattern("/.well-known/**") + builder.pattern("/.well-known/**"), + builder.pattern("/error") ).permitAll() - it.requestMatchers(builder.pattern("/api/v1/**")).hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts") + it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials")) + .hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts") it.anyRequest().denyAll() } http