diff --git a/pom.xml b/pom.xml
index 5f7aeef..1caf653 100644
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,7 @@
org.springframework.boot
spring-boot-starter-parent
- 3.1.3
+ 3.2.2
@@ -29,9 +29,9 @@
false
- 1.9.10
- 1.19.0
- 4.9.0
+ 1.9.22
+ 1.19.4
+ 4.10.0
@@ -122,13 +122,13 @@
org.mockito.kotlin
mockito-kotlin
- 5.1.0
+ 5.2.1
test
org.wiremock
- wiremock
- 3.0.2
+ wiremock-standalone
+ 3.3.1
test
@@ -182,7 +182,7 @@
org.codehaus.mojo
build-helper-maven-plugin
- 3.4.0
+ 3.5.0
add-source
@@ -230,7 +230,7 @@
org.jacoco
jacoco-maven-plugin
- 0.8.10
+ 0.8.11
before-unit-test-execution
@@ -288,7 +288,7 @@
org.apache.maven.plugins
maven-surefire-plugin
- 3.1.2
+ 3.2.5
false
${surefire.jacoco.args}
@@ -302,7 +302,7 @@
org.apache.maven.plugins
maven-failsafe-plugin
- 3.1.2
+ 3.2.5
${failsafe.jacoco.args}
contract
diff --git a/src/main/kotlin/no/digdir/informasjonsforvaltning/fdk_dataservice_harvester/configuration/SecurityConfig.kt b/src/main/kotlin/no/digdir/informasjonsforvaltning/fdk_dataservice_harvester/configuration/SecurityConfig.kt
index 803adc4..af922ac 100644
--- a/src/main/kotlin/no/digdir/informasjonsforvaltning/fdk_dataservice_harvester/configuration/SecurityConfig.kt
+++ b/src/main/kotlin/no/digdir/informasjonsforvaltning/fdk_dataservice_harvester/configuration/SecurityConfig.kt
@@ -5,6 +5,7 @@ import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
import org.springframework.security.oauth2.jwt.*
import org.springframework.security.oauth2.jwt.JwtClaimNames.AUD
@@ -15,14 +16,17 @@ open class SecurityConfig {
@Bean
open fun filterChain(http: HttpSecurity): SecurityFilterChain {
- http.csrf().disable()
- .cors().and()
- .authorizeHttpRequests{ authorize ->
- authorize.requestMatchers(HttpMethod.OPTIONS).permitAll()
- .requestMatchers(HttpMethod.POST, "/update/meta").authenticated()
- .requestMatchers(HttpMethod.GET).permitAll()
- .anyRequest().authenticated() }
- .oauth2ResourceServer { resourceServer -> resourceServer.jwt() }
+ http {
+ cors { }
+ csrf { disable() }
+ authorizeHttpRequests {
+ authorize(HttpMethod.OPTIONS, "/**", permitAll)
+ authorize(HttpMethod.POST, "/update/meta", authenticated)
+ authorize(HttpMethod.GET, "/**", permitAll)
+ authorize(anyRequest, authenticated)
+ }
+ oauth2ResourceServer { jwt { } }
+ }
return http.build()
}