Apply hilla route protection on Spring config (#32)

vaadin · Apr 16, 2024 · 658726a · 658726a
1 parent 5ac9643
commit 658726a
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/src/main/java/org/vaadin/example/security/SecurityConfig.java b/src/main/java/org/vaadin/example/security/SecurityConfig.java
@@ -12,15 +12,22 @@
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import com.vaadin.flow.spring.security.VaadinWebSecurity;
+import com.vaadin.hilla.route.RouteUtil;
 
 @EnableWebSecurity
 @Configuration
 public class SecurityConfig extends VaadinWebSecurity {
+    private final RouteUtil routeUtil;
+
+    public SecurityConfig(RouteUtil routeUtil) {
+        this.routeUtil = routeUtil;
+    }
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.authorizeHttpRequests(registry -> {
             registry.requestMatchers(new AntPathRequestMatcher("/")).permitAll();
+            registry.requestMatchers(routeUtil::isRouteAllowed).permitAll();
         });
         super.configure(http);
         setLoginView(http, "/login", "/");
@@ -46,4 +53,4 @@ public UserDetailsService users() {
                 .build();
         return new InMemoryUserDetailsManager(user, admin);
     }
-}
+}