From 0d96d792e73eee39e6632356e5d170cdcef149f4 Mon Sep 17 00:00:00 2001
From: kaledOu
Date: Wed, 29 Jan 2025 16:44:54 +0100
Subject: [PATCH] [MOSIP-38917] Update TransactionServiceSecurityConfig.java
Signed-off-by: kaledOu
---
 .../api/config/TransactionServiceSecurityConfig.java | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/registration-processor/post-processor/registration-processor-registration-transaction-service/src/test/java/io/mosip/registration/processor/transaction/api/transaction/api/config/TransactionServiceSecurityConfig.java b/registration-processor/post-processor/registration-processor-registration-transaction-service/src/test/java/io/mosip/registration/processor/transaction/api/transaction/api/config/TransactionServiceSecurityConfig.java
index 866c4a9c271..01af469d9a4 100644
--- a/registration-processor/post-processor/registration-processor-registration-transaction-service/src/test/java/io/mosip/registration/processor/transaction/api/transaction/api/config/TransactionServiceSecurityConfig.java
+++ b/registration-processor/post-processor/registration-processor-registration-transaction-service/src/test/java/io/mosip/registration/processor/transaction/api/transaction/api/config/TransactionServiceSecurityConfig.java
@@ -2,6 +2,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -62,7 +63,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http.csrf(csrf -> csrf.disable())
 .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedEntryPoint()))
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
- .authorizeHttpRequests((authz) -> authz.anyRequest().authenticated())
+ .authorizeHttpRequests(authz -> authz
+ .requestMatchers(HttpMethod.GET, "/registrationprocessor/v1/registrationtransaction/**").authenticated() // Allow GET for transactions
+ .requestMatchers(HttpMethod.POST, "/registrationprocessor/v1/registrationtransaction/**").authenticated() // Require authentication for POST
+ .requestMatchers(HttpMethod.PUT, "/registrationprocessor/v1/registrationtransaction/**").authenticated() // Require authentication for PUT
+ .requestMatchers(HttpMethod.DELETE, "/transactions/**").denyAll() // Block DELETE globally
+ .anyRequest().authenticated() // Secure all other requests
+ )
 .userDetailsService(userDetailsService());
 return http.build();
@@ -90,4 +97,4 @@ public UserDetailsService userDetailsService() {
 Arrays.asList(new SimpleGrantedAuthority("ROLE_REGISTRATION_ADMIN"))));
 return new InMemoryUserDetailsManager(users);
 }
-}
\ No newline at end of file
+}
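Review bot: The DELETE rule does not match its comment: `.requestMatchers(HttpMethod.DELETE, "/transactions/**").denyAll()` covers only paths under `/transactions/`, so a DELETE to `/registrationprocessor/v1/registrationtransaction/**` falls through to `.anyRequest().authenticated()` and is permitted for any authenticated caller. If DELETE is meant to be blocked everywhere, drop the path, `.requestMatchers(HttpMethod.DELETE).denyAll() // deny DELETE on every path`, or reuse the transaction path from the other matchers. The GET, POST and PUT matchers all end in `authenticated()`, the same as the `anyRequest()` fallback, so they add no restriction, and the comment "Allow GET for transactions" should read `// GET requires authentication`. The body of filterChain starts and ends outside this hunk, and the file is under src/test, so the production security configuration should be checked for the same rule.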