From 704596953fa96d74cfe37c871c899c27e15f6a8c Mon Sep 17 00:00:00 2001
From: fecaille <fabrice.ecaille@open-groupe.com>
Date: Fri, 11 Mar 2016 08:55:09 +0100
Subject: [PATCH] Security policy

---
 src/main/java/com/opengroupe/cloud/saas/Application.java | 2 ++
 ...SecurityConfig.java => WebSecurityConfiguration.java} | 9 +++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 rename src/main/java/com/opengroupe/cloud/saas/config/{WebSecurityConfig.java => WebSecurityConfiguration.java} (61%)

diff --git a/src/main/java/com/opengroupe/cloud/saas/Application.java b/src/main/java/com/opengroupe/cloud/saas/Application.java
index 8902a7b..4e2ac8f 100644
--- a/src/main/java/com/opengroupe/cloud/saas/Application.java
+++ b/src/main/java/com/opengroupe/cloud/saas/Application.java
@@ -2,7 +2,9 @@ package com.opengroupe.cloud.saas;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
 
+//@EnableOAuth2Sso
 @SpringBootApplication
 public class Application {
 
diff --git a/src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfig.java b/src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfiguration.java
similarity index 61%
rename from src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfig.java
rename to src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfiguration.java
index 7cf2cab..e879faf 100644
--- a/src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfig.java
+++ b/src/main/java/com/opengroupe/cloud/saas/config/WebSecurityConfiguration.java
@@ -1,15 +1,20 @@
 package com.opengroupe.cloud.saas.config;
 
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @Configuration
 @EnableWebSecurity
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		http.authorizeRequests().anyRequest().permitAll();
+		http.csrf().disable()
+			.authorizeRequests()
+				.antMatchers(HttpMethod.GET, "/**").anonymous()
+				.antMatchers(HttpMethod.POST, "/api/**").anonymous()
+				.anyRequest().permitAll();
 	}
 }