in app/src/main/kotlin/io/klibs/app/configuration/SecurityConfiguration.kt [21:76]
/**
 * Builds the HTTP security filter chain for the application.
 *
 * Rules are registered in the order written and the first matching rule decides, so the
 * order below is significant. Anything not matched by an explicit rule falls through to
 * the final `anyRequest` rule and requires authentication (HTTP Basic is the only
 * authentication mechanism configured in this function).
 *
 * @param http the [HttpSecurity] builder to configure
 * @return the built [SecurityFilterChain]
 */
fun filterChain(http: HttpSecurity): SecurityFilterChain {
    http {
        // NOTE(review): CSRF protection is turned off while HTTP Basic is enabled. Browsers
        // replay cached Basic credentials automatically, so the role-protected endpoints
        // below have no CSRF defence if they are ever used from a browser session.
        // Confirm that the authenticated endpoints are only called by non-browser clients.
        csrf { disable() }
        // Spring Security's CORS handling is off; the explicit OPTIONS rules below only let
        // preflight requests through the authorization step.
        // NOTE(review): presumably CORS headers are produced elsewhere - confirm.
        cors { disable() }
        httpBasic { }
        authorizeHttpRequests {
            // Anonymous read-only API surface.
            authorize(HttpMethod.GET, "/categories.json", permitAll)

            // NOTE(review): these patterns have no leading slash, unlike "/categories.json".
            // Whether they match depends on the request matcher in use; where they do not
            // match, the requests fall through to `anyRequest` and require authentication.
            // Verify against the Spring Security version in use and normalise if needed.
            for (publicPattern in listOf("tags/**", "owner/**", "package/**", "project/**")) {
                authorize(HttpMethod.GET, publicPattern, permitAll)
                authorize(HttpMethod.OPTIONS, publicPattern, permitAll)
            }

            // Search additionally accepts anonymous POST.
            for (searchMethod in listOf(HttpMethod.GET, HttpMethod.POST, HttpMethod.OPTIONS)) {
                authorize(searchMethod, "search/**", permitAll)
            }

            authorize(HttpMethod.GET, "ping", permitAll)
            authorize(HttpMethod.OPTIONS, "ping", permitAll)

            // Declared before the "/actuator/**" rule, so these two endpoints are reachable
            // without authentication in every profile, for every HTTP method.
            // NOTE(review): confirm the exposed metrics are acceptable to publish, or
            // restrict access at the network layer.
            authorize("/actuator/metrics", permitAll)
            authorize("/actuator/prometheus", permitAll)
            authorize("/error", permitAll)

            // Role checks apply only when the "prod" profile is active; under any other
            // profile the same paths are open to everyone.
            // NOTE(review): this fails open - a deployment started without the "prod"
            // profile exposes the blacklist, actuator, api-docs and package-description
            // endpoints unauthenticated. Consider opting in to the open mode explicitly.
            val prodProfileActive = environment.matchesProfiles("prod")
            fun prodOnlyRole(role: String) = if (prodProfileActive) hasRole(role) else permitAll

            authorize("/blacklist/**", prodOnlyRole("ADMIN"))
            authorize("/actuator/**", prodOnlyRole("actuator"))
            authorize("/api-docs/**", prodOnlyRole("api-docs"))
            authorize("package-description/**", prodOnlyRole("ADMIN"))

            // Default deny for anonymous callers: everything else needs authentication.
            authorize(anyRequest, authenticated)
        }
    }
    return http.build()
}