cameleer/cameleer-saas
2
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: permit SPA routes and static assets in Spring Security
All checks were successful
CI / build (push) Successful in 38s
Details
CI / docker (push) Successful in 32s
Details

Browse Source 
The SPA (index.html, /login, /callback, /assets/*) must be accessible
without authentication. API routes remain protected.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-04 23:49:43 +02:00
parent ad6805e447
commit cda7dfbaa7
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/net/siegeln/cameleer/saas/config/SecurityConfig.java
View File

@@ -49,6 +49,8 @@ public class SecurityConfig {
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers("/actuator/health").permitAll() .requestMatchers("/actuator/health").permitAll()
.requestMatchers("/auth/verify").permitAll() .requestMatchers("/auth/verify").permitAll()
.requestMatchers("/", "/index.html", "/login", "/callback", "/environments/**", "/license").permitAll()
.requestMatchers("/assets/**", "/favicon.ico").permitAll()
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> {})) .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> {}))