ambiser
/
openvidu
mirror of https://github.com/OpenVidu/openvidu.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

openvidu-server: controller security simplified

pull/437/head
pabloFuente 2020-04-16 13:49:38 +02:00
parent 40eda8e1ac
commit 27bc1b9f3a
1 changed files with 7 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
View File

@ -37,31 +37,22 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
// Security for API REST // Security for API REST
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry conf = http.cors().and() ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry conf = http.cors().and()
.csrf().disable().authorizeRequests() .csrf().disable().authorizeRequests()
// /api/sessions // /api
.antMatchers(HttpMethod.GET, "/api/sessions").authenticated() .antMatchers("/api/**").authenticated()
.antMatchers(HttpMethod.GET, "/api/sessions/**").authenticated()
.antMatchers(HttpMethod.POST, "/api/sessions").authenticated()
.antMatchers(HttpMethod.POST, "/api/sessions/**").authenticated()
// /api/tokens
.antMatchers(HttpMethod.POST, "/api/tokens").authenticated()
// /api/recordings
.antMatchers(HttpMethod.GET, "/api/recordings").authenticated()
.antMatchers(HttpMethod.GET, "/api/recordings/**").authenticated()
.antMatchers(HttpMethod.POST, "/api/recordings/start").authenticated()
.antMatchers(HttpMethod.POST, "/api/recordings/stop").authenticated()
.antMatchers(HttpMethod.DELETE, "/api/recordings/**").authenticated()
// /config // /config
.antMatchers(HttpMethod.GET, "/config/openvidu-publicurl").permitAll() .antMatchers(HttpMethod.GET, "/config/openvidu-publicurl").permitAll()
.antMatchers(HttpMethod.GET, "/config/**").authenticated() .antMatchers(HttpMethod.GET, "/config/**").authenticated()
// /cdr // /cdr
.antMatchers(HttpMethod.GET, "/cdr/**").authenticated() .antMatchers(HttpMethod.GET, "/cdr/**").authenticated()
// /accept-certificate
.antMatchers(HttpMethod.GET, "/accept-certificate").permitAll()
// Dashboard // Dashboard
.antMatchers("/").authenticated(); .antMatchers("/dashboard").authenticated();
// Security for layouts // Security for recording layouts
conf.antMatchers("/layouts/**").authenticated(); conf.antMatchers("/layouts/**").authenticated();
// Security for recorded videos // Security for recorded video files
if (openviduConf.getOpenViduRecordingPublicAccess()) { if (openviduConf.getOpenViduRecordingPublicAccess()) {
conf = conf.antMatchers("/recordings/**").permitAll(); conf = conf.antMatchers("/recordings/**").permitAll();
} else { } else {