Updates Spring Security unprotected paths for /internal.

navikt · Feb 21, 2025 · a02274b · a02274b
1 parent a1c69b8
commit a02274b
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 35 deletions.
diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java
@@ -27,7 +27,7 @@
 @Configuration
 @Profile("idporten")
 @EnableWebFluxSecurity
-public class IdportenSecurityConfig {
+class IdportenSecurityConfig {
 
     private static final String LOGOUT = "/logout";
     private static final String LOGIN = "/login";
@@ -46,15 +46,15 @@ public IdportenSecurityConfig(
     }
 
     @Bean
-    public ServerOAuth2AuthorizationRequestResolver pkceResolver(ReactiveClientRegistrationRepository repo) {
+    ServerOAuth2AuthorizationRequestResolver pkceResolver(ReactiveClientRegistrationRepository repo) {
         var resolver = new DefaultServerOAuth2AuthorizationRequestResolver(repo);
         resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
         return resolver;
     }
 
     @SneakyThrows
     @Bean
-    public SecurityWebFilterChain configure(ServerHttpSecurity http, ServerOAuth2AuthorizationRequestResolver requestResolver) {
+    SecurityWebFilterChain configure(ServerHttpSecurity http, ServerOAuth2AuthorizationRequestResolver requestResolver) {
         var authenticationSuccessHandler = new DollyAuthenticationSuccessHandler();
         var authenticationManager = new AuthorizationCodeReactiveAuthenticationManger(JWK.parse(jwk));
         var logoutSuccessHandler = new LogoutSuccessHandler();
@@ -64,19 +64,17 @@ public SecurityWebFilterChain configure(ServerHttpSecurity http, ServerOAuth2Aut
                 .cors(ServerHttpSecurity.CorsSpec::disable)
                 .csrf(ServerHttpSecurity.CsrfSpec::disable)
                 .authorizeExchange(authorizeExchangeSpec -> authorizeExchangeSpec.pathMatchers(
-                                "/internal/isReady",
-                                "/internal/isAlive",
-                                "/assets/*",
-                                "/internal/metrics",
-                                "/oauth2/callback",
-                                "/favicon.ico",
-                                LOGIN,
-                                LOGOUT,
-                                "/oauth2/logout",
                                 "/*.css",
                                 "/*.js",
                                 "/*.mjs",
-                                "/*.png"
+                                "/*.png",
+                                "/assets/*",
+                                "/favicon.ico",
+                                "/internal/**",
+                                "/oauth2/callback",
+                                "/oauth2/logout",
+                                LOGIN,
+                                LOGOUT
                         ).permitAll()
                         .anyExchange().authenticated())
                 .oauth2Login(oAuth2LoginSpec -> oAuth2LoginSpec

diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/LocalSecurityConfig.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/LocalSecurityConfig.java
@@ -18,33 +18,31 @@
 @Configuration
 @Profile("local")
 @EnableWebFluxSecurity
-public class LocalSecurityConfig {
+class LocalSecurityConfig {
 
     private static final String LOGOUT = "/logout";
     private static final String LOGIN = "/login";
 
     @SneakyThrows
     @Bean
-    public SecurityWebFilterChain configure(ServerHttpSecurity http) {
+    SecurityWebFilterChain configure(ServerHttpSecurity http) {
         var authenticationSuccessHandler = new DollyAuthenticationSuccessHandler();
         var logoutSuccessHandler = new LogoutSuccessHandler();
 
         return http.cors(ServerHttpSecurity.CorsSpec::disable)
                 .csrf(ServerHttpSecurity.CsrfSpec::disable)
                 .authorizeExchange(authorizeExchangeSpec -> authorizeExchangeSpec.pathMatchers(
-                                "/internal/isReady",
-                                "/internal/isAlive",
-                                "/assets/*",
-                                "/internal/metrics",
-                                "/oauth2/callback",
-                                "/favicon.ico",
-                                LOGIN,
-                                LOGOUT,
-                                "/oauth2/logout",
                                 "/*.css",
                                 "/*.js",
                                 "/*.mjs",
-                                "/*.png"
+                                "/*.png",
+                                "/assets/*",
+                                "/favicon.ico",
+                                "/internal/**",
+                                "/oauth2/callback",
+                                "/oauth2/logout",
+                                LOGIN,
+                                LOGOUT
                         ).permitAll()
                         .anyExchange().authenticated())
                 .oauth2Login(oAuth2LoginSpec -> oAuth2LoginSpec

diff --git a/...tend/src/main/java/no/nav/testnav/apps/endringsmeldingfrontend/config/SecurityConfig.java b/...tend/src/main/java/no/nav/testnav/apps/endringsmeldingfrontend/config/SecurityConfig.java
@@ -16,10 +16,7 @@ SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
                 .cors(ServerHttpSecurity.CorsSpec::disable)
                 .csrf(ServerHttpSecurity.CsrfSpec::disable)
                 .authorizeExchange(spec -> spec
-                        .pathMatchers(
-                                "/internal/isReady",
-                                "/internal/isAlive",
-                                "/internal/metrics")
+                        .pathMatchers("/internal/**")
                         .permitAll()
                         .anyExchange()
                         .authenticated())

diff --git a/...a-frontend/src/main/java/no/nav/testnav/apps/fastedatafrontend/config/SecurityConfig.java b/...a-frontend/src/main/java/no/nav/testnav/apps/fastedatafrontend/config/SecurityConfig.java
@@ -11,17 +11,14 @@
 @EnableWebFluxSecurity
 @EnableReactiveMethodSecurity
 @Configuration
-public class SecurityConfig {
+class SecurityConfig {
 
     @Bean
-    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
+    SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
         return http
                 .csrf(ServerHttpSecurity.CsrfSpec::disable)
                 .authorizeExchange(spec -> spec
-                        .pathMatchers(
-                                "/internal/isReady",
-                                "/internal/isAlive",
-                                "/internal/metrics")
+                        .pathMatchers("/internal/**")
                         .permitAll()
                         .anyExchange()
                         .authenticated())