feat: セキュリティの設定を修正

2023-09-24 11:36:22 +09:00 · 2023-09-24 11:36:22 +09:00 · 3c5b2dfa66
parent e78f86e120
commit 3c5b2dfa66
1 changed files with 4 additions and 4 deletions
--- a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt
@ -15,7 +15,6 @@ import org.springframework.core.annotation.Order
 import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
 import org.springframework.security.core.Authentication
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 import org.springframework.security.crypto.password.PasswordEncoder
@ -35,7 +34,6 @@ import java.security.interfaces.RSAPublicKey
 import java.util.*

@EnableWebSecurity(debug = true)
-@EnableWebFluxSecurity()
@Configuration
 class SecurityConfig {

@ -70,9 +68,11 @@ class SecurityConfig {
                    builder.pattern("/inbox"),
                    builder.pattern("/api/v1/apps"),
                    builder.pattern("/api/v1/instance/**"),
-                    builder.pattern("/.well-known/**")
+                    builder.pattern("/.well-known/**"),
+                    builder.pattern("/error")
                ).permitAll()
-                it.requestMatchers(builder.pattern("/api/v1/**")).hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
+                it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials"))
+                    .hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
                it.anyRequest().denyAll()
            }
        http