Require authentication for backend proxy

2026-06-03 14:39:23 +01:00
parent 45419f23c1
commit 102e906b36
1 changed files with 4 additions and 0 deletions
@@ -21,6 +21,10 @@ public class SecurityConfig {
        return http
                .csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/auth/**").permitAll()
+                        .requestMatchers("/debug/**").permitAll()
+                        .requestMatchers("/admin/**").permitAll()
+                        .requestMatchers("/api/backend/**").authenticated()
                        .anyRequest().permitAll()
                )
                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)