— Modification: Change security matchers (/user/update1, /user/update…

…2, /user/changePassword1) on denyAll() -> authenticated
tech1-agency · Jun 13, 2024 · be8e08a · be8e08a
1 parent 4df359a
commit be8e08a
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 7 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -12,7 +12,7 @@ env:
   DOCKER_MONGODB_SERVER_IMAGE: tech1-io/tech1-framework-b2b-mongodb-server
   DOCKER_POSTGRES_SERVER_IMAGE: tech1-io/tech1-framework-b2b-postgres-server
   DOCKER_VERSION: '2.8.7-SNAPSHOT'
-  DOCKER_PUSH_ENABLED: 'false'
+  DOCKER_PUSH_ENABLED: 'true'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,2 +1,2 @@
 ### Changelog [v2.8.7]
-— TBD
+— Modification: Change security matchers (/user/update1, /user/update2, /user/changePassword1) on denyAll() -> authenticated
diff --git a/docker/b2b-mongo-server/docker-compose.docker.yml b/docker/b2b-mongo-server/docker-compose.docker.yml
@@ -1,6 +1,6 @@
 services:
   t1f-b2b-mongodb-server:
-    image: ghcr.io/tech1-io/tech1-framework-b2b-mongodb-server:2.8.6
+    image: ghcr.io/tech1-io/tech1-framework-b2b-mongodb-server:2.8.7-SNAPSHOT
     restart: unless-stopped
     container_name: t1f-b2b-mongodb-server
     networks:

diff --git a/docker/b2b-postgres-server/docker-compose.docker.yml b/docker/b2b-postgres-server/docker-compose.docker.yml
@@ -1,6 +1,6 @@
 services:
   t1f-b2b-postgres-server:
-    image: ghcr.io/tech1-io/tech1-framework-b2b-postgres-server:2.8.6
+    image: ghcr.io/tech1-io/tech1-framework-b2b-postgres-server:2.8.7-SNAPSHOT
     restart: unless-stopped
     container_name: t1f-b2b-postgres-server
     networks:

diff --git a/...a/io/tech1/framework/b2b/base/security/jwt/configurations/ApplicationBaseSecurityJwt.java b/...a/io/tech1/framework/b2b/base/security/jwt/configurations/ApplicationBaseSecurityJwt.java
@@ -134,10 +134,10 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                     .requestMatchers(POST, basePathPrefix + "/authentication/logout").permitAll()
                     .requestMatchers(POST, basePathPrefix + "/authentication/refreshToken").permitAll()
                     .requestMatchers(GET, basePathPrefix + "/session/current").authenticated()
-                    .requestMatchers(POST, basePathPrefix + "/registration/register1").denyAll()
-                    .requestMatchers(POST, basePathPrefix + "/user/update1").denyAll()
+                    .requestMatchers(POST, basePathPrefix + "/registration/register1").authenticated()
+                    .requestMatchers(POST, basePathPrefix + "/user/update1").authenticated()
                     .requestMatchers(POST, basePathPrefix + "/user/update2").authenticated()
-                    .requestMatchers(POST, basePathPrefix + "/user/changePassword1").denyAll();
+                    .requestMatchers(POST, basePathPrefix + "/user/changePassword1").authenticated();
 
             if (this.applicationFrameworkProperties.getSecurityJwtConfigs().getEssenceConfigs().getInvitationCodes().isEnabled()) {
                 authorizeHttpRequests