SLVUU-79: Automatically redirect HTTP to HTTPS

finos · Jan 11, 2024 · f4e1cc4 · f4e1cc4
1 parent 2e540ab
commit f4e1cc4
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/layout-server/pom.xml b/layout-server/pom.xml
@@ -39,6 +39,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.h2database</groupId>
             <artifactId>h2</artifactId>

diff --git a/...rg/finos/vuu/layoutserver/CorsConfig.java → ...s/vuu/layoutserver/config/CorsConfig.java b/...rg/finos/vuu/layoutserver/CorsConfig.java → ...s/vuu/layoutserver/config/CorsConfig.java
@@ -1,4 +1,4 @@
-package org.finos.vuu.layoutserver;
+package org.finos.vuu.layoutserver.config;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;

diff --git a/layout-server/src/main/java/org/finos/vuu/layoutserver/config/SecurityConfig.java b/layout-server/src/main/java/org/finos/vuu/layoutserver/config/SecurityConfig.java
@@ -0,0 +1,19 @@
+package org.finos.vuu.layoutserver.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.requiresChannel().anyRequest().requiresSecure();
+        return http.build();
+    }
+
+}