@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Header a TLS-terminating reverse proxy adds to the requests it forwards.
     * Only its presence is checked below, never its value.
     */
    private static final String FORWARDED_PROTO_HEADER = "X-Forwarded-Proto";

    /**
     * Requires a secure channel (HTTPS redirect) for every request that carries the
     * proxy's forwarded-protocol header.
     *
     * <p>Because the matcher tests {@code != null} rather than a value, a header of
     * {@code http} also matches, and a request that reaches the application without
     * passing through the proxy carries no header and is left untouched.
     * NOTE(review): this relies on the proxy setting (and overwriting any
     * client-supplied) {@code X-Forwarded-Proto} on every forwarded request — confirm
     * in the proxy configuration.
     *
     * @param http the builder for the application's HTTP security rules
     * @throws Exception propagated from the {@link HttpSecurity} builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requiresChannel()
            .requestMatchers(request -> request.getHeader(FORWARDED_PROTO_HEADER) != null)
            .requiresSecure();
    }
}
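'use strict';
const { URL } = require('url');
const fetch = require('node-fetch');
const AWS = require('aws-sdk'); // eslint-disable-line import/no-extraneous-dependencies
const s3 = new AWS.S3();

// Comma-separated hostnames this function may fetch images from.
// `event.image_url` is caller-controlled; fetching it unchecked would let a
// caller aim this Lambda at internal endpoints (server-side request forgery),
// so a URL is only fetched when its host is on this list. An empty list
// rejects every URL rather than silently allowing all of them.
// (The variable name is a constructed placeholder — align it with the
// deployment's configuration conventions.)
const ALLOWED_IMAGE_HOSTS = (process.env.ALLOWED_IMAGE_HOSTS || '')
  .split(',')
  .map(host => host.trim().toLowerCase())
  .filter(host => host.length > 0);

// Parses `raw` as a URL and resolves with its normalised form when it uses
// http(s) and targets an allowed host; rejects with an Error otherwise.
function checkImageUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw));
  } catch (err) {
    return Promise.reject(new Error(`Invalid image_url: ${err.message}`));
  }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
    return Promise.reject(new Error(`Unsupported image_url protocol: ${parsed.protocol}`));
  }
  if (!ALLOWED_IMAGE_HOSTS.includes(parsed.hostname.toLowerCase())) {
    return Promise.reject(new Error(`image_url host not allowed: ${parsed.hostname}`));
  }
  return Promise.resolve(parsed.href);
}

// Lambda handler: downloads `event.image_url` and stores the bytes in the
// bucket named by BUCKET under `event.key`. The outcome is reported through
// `callback(err, result)`; `context` is unused.
module.exports.save = (event, context, callback) => {
  // The S3 key is caller-controlled too; refuse anything but a non-empty string.
  if (typeof event.key !== 'string' || event.key.length === 0) {
    callback(new Error('event.key must be a non-empty string'));
    return;
  }
  checkImageUrl(event.image_url)
    // follow: 0 refuses redirects, so an allowed host cannot bounce the
    // request to one that is not on the list.
    .then(url => fetch(url, { follow: 0 }))
    .then((response) => {
      if (response.ok) {
        return response;
      }
      return Promise.reject(new Error(
        `Failed to fetch ${response.url}: ${response.status} ${response.statusText}`));
    })
    .then(response => response.buffer())
    .then(buffer => (
      s3.putObject({
        Bucket: process.env.BUCKET,
        Key: event.key,
        Body: buffer,
      }).promise()
    ))
    .then(v => callback(null, v), callback);
};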
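'use strict';
const { URL } = require('url');
const fetch = require('node-fetch');
const AWS = require('aws-sdk'); // eslint-disable-line import/no-extraneous-dependencies
const s3 = new AWS.S3();

// Comma-separated hostnames this function may fetch images from.
// `event.image_url` is caller-controlled; fetching it unchecked would let a
// caller aim this Lambda at internal endpoints (server-side request forgery),
// so a URL is only fetched when its host is on this list. An empty list
// rejects every URL rather than silently allowing all of them.
// (The variable name is a constructed placeholder — align it with the
// deployment's configuration conventions.)
const ALLOWED_IMAGE_HOSTS = (process.env.ALLOWED_IMAGE_HOSTS || '')
  .split(',')
  .map(host => host.trim().toLowerCase())
  .filter(host => host.length > 0);

// Parses `raw` as a URL and resolves with its normalised form when it uses
// http(s) and targets an allowed host; rejects with an Error otherwise.
function checkImageUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw));
  } catch (err) {
    return Promise.reject(new Error(`Invalid image_url: ${err.message}`));
  }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
    return Promise.reject(new Error(`Unsupported image_url protocol: ${parsed.protocol}`));
  }
  if (!ALLOWED_IMAGE_HOSTS.includes(parsed.hostname.toLowerCase())) {
    return Promise.reject(new Error(`image_url host not allowed: ${parsed.hostname}`));
  }
  return Promise.resolve(parsed.href);
}

// Lambda handler: downloads `event.image_url` and stores the bytes in the
// bucket named by BUCKET under `event.key`. The outcome is reported through
// `callback(err, result)`; `context` is unused.
module.exports.save = (event, context, callback) => {
  // The S3 key is caller-controlled too; refuse anything but a non-empty string.
  if (typeof event.key !== 'string' || event.key.length === 0) {
    callback(new Error('event.key must be a non-empty string'));
    return;
  }
  checkImageUrl(event.image_url)
    // follow: 0 refuses redirects, so an allowed host cannot bounce the
    // request to one that is not on the list.
    .then(url => fetch(url, { follow: 0 }))
    .then((response) => {
      if (response.ok) {
        return response;
      }
      return Promise.reject(new Error(
        `Failed to fetch ${response.url}: ${response.status} ${response.statusText}`));
    })
    .then(response => response.buffer())
    .then(buffer => (
      s3.putObject({
        Bucket: process.env.BUCKET,
        Key: event.key,
        Body: buffer,
      }).promise()
    ))
    .then(v => callback(null, v), callback);
};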
{
"dependencies": {
"aws-sdk": "^2.7.9",
"node-fetch": "^1.6.3"
}
}
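'use strict';
const { URL } = require('url');
const fetch = require('node-fetch');
const AWS = require('aws-sdk'); // eslint-disable-line import/no-extraneous-dependencies
const s3 = new AWS.S3();

// Comma-separated hostnames this function may fetch images from.
// `event.image_url` is caller-controlled; fetching it unchecked would let a
// caller aim this Lambda at internal endpoints (server-side request forgery),
// so a URL is only fetched when its host is on this list. An empty list
// rejects every URL rather than silently allowing all of them.
// (The variable name is a constructed placeholder — align it with the
// deployment's configuration conventions.)
const ALLOWED_IMAGE_HOSTS = (process.env.ALLOWED_IMAGE_HOSTS || '')
  .split(',')
  .map(host => host.trim().toLowerCase())
  .filter(host => host.length > 0);

// Parses `raw` as a URL and resolves with its normalised form when it uses
// http(s) and targets an allowed host; rejects with an Error otherwise.
function checkImageUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw));
  } catch (err) {
    return Promise.reject(new Error(`Invalid image_url: ${err.message}`));
  }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
    return Promise.reject(new Error(`Unsupported image_url protocol: ${parsed.protocol}`));
  }
  if (!ALLOWED_IMAGE_HOSTS.includes(parsed.hostname.toLowerCase())) {
    return Promise.reject(new Error(`image_url host not allowed: ${parsed.hostname}`));
  }
  return Promise.resolve(parsed.href);
}

// Lambda handler: downloads `event.image_url` and stores the bytes in the
// bucket named by BUCKET under `event.key`. The outcome is reported through
// `callback(err, result)`; `context` is unused.
module.exports.save = (event, context, callback) => {
  // The S3 key is caller-controlled too; refuse anything but a non-empty string.
  if (typeof event.key !== 'string' || event.key.length === 0) {
    callback(new Error('event.key must be a non-empty string'));
    return;
  }
  checkImageUrl(event.image_url)
    // follow: 0 refuses redirects, so an allowed host cannot bounce the
    // request to one that is not on the list.
    .then(url => fetch(url, { follow: 0 }))
    .then((response) => {
      if (response.ok) {
        return response;
      }
      return Promise.reject(new Error(
        `Failed to fetch ${response.url}: ${response.status} ${response.statusText}`));
    })
    .then(response => response.buffer())
    .then(buffer => (
      s3.putObject({
        Bucket: process.env.BUCKET,
        Key: event.key,
        Body: buffer,
      }).promise()
    ))
    .then(v => callback(null, v), callback);
};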
{
"dependencies": {
"aws-sdk": "^2.7.9",
"node-fetch": "^1.6.3"
}
}
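'use strict';
const { URL } = require('url');
const fetch = require('node-fetch');
const AWS = require('aws-sdk'); // eslint-disable-line import/no-extraneous-dependencies
const s3 = new AWS.S3();

// Comma-separated hostnames this function may fetch images from.
// `event.image_url` is caller-controlled; fetching it unchecked would let a
// caller aim this Lambda at internal endpoints (server-side request forgery),
// so a URL is only fetched when its host is on this list. An empty list
// rejects every URL rather than silently allowing all of them.
// (The variable name is a constructed placeholder — align it with the
// deployment's configuration conventions.)
const ALLOWED_IMAGE_HOSTS = (process.env.ALLOWED_IMAGE_HOSTS || '')
  .split(',')
  .map(host => host.trim().toLowerCase())
  .filter(host => host.length > 0);

// Parses `raw` as a URL and resolves with its normalised form when it uses
// http(s) and targets an allowed host; rejects with an Error otherwise.
function checkImageUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw));
  } catch (err) {
    return Promise.reject(new Error(`Invalid image_url: ${err.message}`));
  }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
    return Promise.reject(new Error(`Unsupported image_url protocol: ${parsed.protocol}`));
  }
  if (!ALLOWED_IMAGE_HOSTS.includes(parsed.hostname.toLowerCase())) {
    return Promise.reject(new Error(`image_url host not allowed: ${parsed.hostname}`));
  }
  return Promise.resolve(parsed.href);
}

// Lambda handler: downloads `event.image_url` and stores the bytes in the
// bucket named by BUCKET under `event.key`. The outcome is reported through
// `callback(err, result)`; `context` is unused.
module.exports.save = (event, context, callback) => {
  // The S3 key is caller-controlled too; refuse anything but a non-empty string.
  if (typeof event.key !== 'string' || event.key.length === 0) {
    callback(new Error('event.key must be a non-empty string'));
    return;
  }
  checkImageUrl(event.image_url)
    // follow: 0 refuses redirects, so an allowed host cannot bounce the
    // request to one that is not on the list.
    .then(url => fetch(url, { follow: 0 }))
    .then((response) => {
      if (response.ok) {
        return response;
      }
      return Promise.reject(new Error(
        `Failed to fetch ${response.url}: ${response.status} ${response.statusText}`));
    })
    .then(response => response.buffer())
    .then(buffer => (
      s3.putObject({
        Bucket: process.env.BUCKET,
        Key: event.key,
        Body: buffer,
      }).promise()
    ))
    .then(v => callback(null, v), callback);
};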
😱
{
"dependencies": {
"aws-sdk": "^2.7.9",
"node-fetch": "^1.6.3"
}
}
30. Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Content-Security-Policy value added to responses. Only {@code script-src} and
     * {@code object-src} are restricted; the policy has no {@code default-src}, so
     * other resource types (images, styles, connections, frames) are not covered by
     * this header. Violations are reported to the relative {@code report-uri}.
     */
    private static final String CONTENT_SECURITY_POLICY = String.join(" ",
            "script-src 'self' https://trustedscripts.example.com;",
            "object-src https://trustedplugins.example.com;",
            "report-uri /csp-report-endpoint/");

    /**
     * Registers the Content-Security-Policy header on the security headers writer.
     *
     * @param http the builder for the application's HTTP security rules
     * @throws Exception propagated from the {@link HttpSecurity} builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers()
            .contentSecurityPolicy(CONTENT_SECURITY_POLICY);
    }
}