Refactor and secure backend configuration, DTOs, and authentication flow
- Updated pom.xml: removed redundant tags, grouped dependencies, added scopes, and upgraded plugins
- Enhanced RegisterUserDto with validation annotations and added missing fields (username, fullname)
- Updated User entity with builder constructor and removed redundant getters/setters
- Completed FileMetadata entity with Lombok and required setters/getters
- Improved HDFSConfig with correct annotation and clearer exception message
- Adjusted HTTP to HTTPS redirect port (8085 -> 8443)
- Allowed /actuator/** in SecurityConfig and disabled deprecated XSS protection
- Skipped JWT filter for /api/auth and /actuator paths
- Refactored AuthenticationService to use builder pattern and RSA key injection
- Fixed application.properties for static MySQL connection (removed ${MYSQL_PASSWORD})
@@ -29,7 +29,7 @@ public class SecurityConfig {
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth/**").permitAll()
.requestMatchers("/api/auth/**", "/actuator/**").permitAll()
.requestMatchers(HttpMethod.GET, "/public/**").permitAll()
.anyRequest().authenticated()
)
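Review bot: the new `.requestMatchers("/api/auth/**", "/actuator/**").permitAll()` line opens every Actuator endpoint to unauthenticated callers, not just the health probe; whichever endpoints are exposed through `management.endpoints.web.exposure.include` (env, configprops, heapdump, loggers, mappings, and so on) would then be readable, and writable where they accept POST, by anyone who can reach the service. The commit message also notes the JWT filter is skipped for these paths, so there is no authentication at all on them. Suggest narrowing the rule to the probes a load balancer actually needs, e.g. `.requestMatchers("/actuator/health", "/actuator/info").permitAll()`, and requiring an operator role for the rest with `.requestMatchers("/actuator/**").hasRole("ACTUATOR_ADMIN")` (role name is a placeholder), or binding the management port to an internal interface via `management.server.port` / `management.server.address`.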
@@ -41,7 +41,8 @@ public class SecurityConfig {
.includeSubDomains(true)
.maxAgeInSeconds(31536000)
)
.xssProtection(xss -> xss.block(true))
// Spring Security 6+ no longer supports xss.block(true), so we just enable or disable it.
.xssProtection(xss -> xss.disable())
.frameOptions(frame -> frame.deny())
)
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
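Review bot: replacing `xss.block(true)` with `xss.disable()` is acceptable on its own, since the `X-XSS-Protection` header is ignored by current browsers and OWASP recommends setting it to `0`, but the headers block still sets no `Content-Security-Policy`, which is the control that actually replaced it; without one this change quietly removes the only XSS-related header the app sent. Suggest adding a CSP in the same `headers(...)` chain, e.g. `.contentSecurityPolicy(csp -> csp.policyDirectives("default-src 'self'"))`, tuned to what the frontend loads. The added comment is also misleading: the configurer did not drop the ability to express block mode, it moved it to `xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK)`; reword the comment to say the header is being dropped deliberately because it is obsolete.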