| | |
|---|
| | | @EnableWebSecurity |
|---|
| | | public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|---|
| | | public static final String AUTHENTICATION_HEADER_NAME = "X-Authorization"; |
|---|
| | | public static final String REFRESH_TOKEN_HEADER_NAME = "X-Refrsh-Token"; |
|---|
| | | public static final String AUTHENTICATION_PARAM_NAME = "_token"; |
|---|
| | | public static final String AUTHENTICATION_URL = "/auth/login"; |
|---|
| | | public static final String REFRESH_TOKEN_URL = "/auth/token"; |
|---|
| | |
|---|
| | | .antMatchers(permitAllEndpointList.toArray(new String[permitAllEndpointList.size()])) |
|---|
| | | .permitAll() |
|---|
| | | .and() |
|---|
| | | .headers().frameOptions().disable() |
|---|
| | | .and() |
|---|
| | | .authorizeRequests() |
|---|
| | | .antMatchers(API_ROOT_URL).authenticated() // Protected API End-points |
|---|
| | | .and() |
|---|
