SecurityConfig

@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true)
open class SecurityConfig

Application security configuration.

  • Enforces DPoP for DPoP-bound tokens by placing DpopValidationFilter before JWT authentication.

  • Requires authentication for all endpoints except an explicit allow-list (docs, auth, websockets, JWKS).

  • Enables CORS with credentialed requests only for refresh/logout; HSTS and a minimal CSP are applied.
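An added Kotlin illustration (not the project's own code) of how the three points above fit together in Spring Security 6: DPoP validation placed ahead of JWT authentication, an allow-list with everything else authenticated, credentialed CORS only for refresh/logout, plus HSTS and a minimal CSP. The filter parameter types, allow-list paths, CSP directives and the refresh/logout paths are assumptions; the property name is the one shown in this class's corsConfigurationSource signature.

```kotlin
import jakarta.servlet.Filter
import org.springframework.beans.factory.annotation.Value
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import org.springframework.web.cors.CorsConfiguration
import org.springframework.web.cors.CorsConfigurationSource
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
@Configuration
open class ExampleSecurityConfig {
    // Hypothetical stand-in for the documented chain. Both filters are typed as plain Filter so this
    // compiles without the project's classes; allow-list paths and CSP directives are assumptions.
    @Bean
    open fun apiSecurityFilterChain(
        http: HttpSecurity, dpopValidationFilter: Filter, jwtAuthenticationFilter: Filter
    ): SecurityFilterChain {
        http
            .csrf { it.disable() }  // stateless token API: no session cookie for CSRF to ride on
            .cors { }               // picks up the CorsConfigurationSource bean below
            .authorizeHttpRequests {
                it.requestMatchers("/docs/**", "/auth/**", "/ws/**", "/.well-known/jwks.json").permitAll()
                    .anyRequest().authenticated()
            }
            .headers {
                it.httpStrictTransportSecurity { h -> h.includeSubDomains(true).maxAgeInSeconds(31536000) }
                    .contentSecurityPolicy { c -> c.policyDirectives("default-src 'none'; frame-ancestors 'none'") }
            }
        // Register the JWT filter so it has a slot in the chain, then put DPoP validation in front of it:
        // the proof is checked before a DPoP-bound token is allowed to authenticate anyone.
        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
        http.addFilterBefore(dpopValidationFilter, jwtAuthenticationFilter.javaClass)
        return http.build()
    }
    // Credentialed CORS only for refresh/logout (paths assumed); every other path is non-credentialed.
    @Bean
    open fun corsConfigurationSource(
        @Value("\${cryptotrader.cors.allowed-origins:https://sscryptotrader.com}") origins: String
    ): CorsConfigurationSource {
        fun cors(credentials: Boolean, vararg methods: String) = CorsConfiguration().apply {
            allowedOrigins = origins.split(",").map { it.trim() }
            allowedMethods = methods.toList()
            allowCredentials = credentials
        }
        return UrlBasedCorsConfigurationSource().apply {  // first matching pattern wins
            registerCorsConfiguration("/auth/refresh", cors(true, "POST"))
            registerCorsConfiguration("/auth/logout", cors(true, "POST"))
            registerCorsConfiguration("/**", cors(false, "GET", "POST", "PUT", "DELETE"))
        }
    }
}
```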

Constructors

constructor()

Functions

@Bean
@Primary
open fun apiSecurityFilterChain(http: HttpSecurity, dpopValidationFilter: DpopValidationFilter, jwtAuthenticationFilter: JwtAuthenticationFilter, bindingEnforcementFilter: BindingEnforcementFilter): SecurityFilterChain

@Bean
@ConditionalOnMissingBean(value = [CorsConfigurationSource::class])
open fun corsConfigurationSource(@Value(value = "${cryptotrader.cors.allowed-origins:https://sscryptotrader.com}") origins: String): CorsConfigurationSource

@Bean
@ConditionalOnMissingBean(value = [IpBanService::class])
open fun ipBanService(): IpBanService