X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=main%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fapi%2Fmain%2Fconfig%2FSecurityConfig.java;fp=main%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fapi%2Fmain%2Fconfig%2FSecurityConfig.java;h=231456d3a0594982a485c66d8f60184048d3d190;hb=27a8d72687096cc01af9f1b4338adadbf20c53e4;hp=367f92afbbfff312589f46ca9a7aa5d9ef5f5f9a;hpb=50816e1fdd0da6b932c3595f41425b595c3823f0;p=policy%2Fapi.git

diff --git a/main/src/main/java/org/onap/policy/api/main/config/SecurityConfig.java b/main/src/main/java/org/onap/policy/api/main/config/SecurityConfig.java
index 367f92af..231456d3 100644
--- a/main/src/main/java/org/onap/policy/api/main/config/SecurityConfig.java
+++ b/main/src/main/java/org/onap/policy/api/main/config/SecurityConfig.java
@@ -1,6 +1,7 @@
 /*-
  * ============LICENSE_START=======================================================
  *  Copyright (C) 2022 Bell Canada. All rights reserved.
+ *  Modifications Copyright (C) 2023 Nordix Foundation.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,17 +21,30 @@
 
 package org.onap.policy.api.main.config;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
+/**
+ * Configure how access to this module's REST end points is secured.
+ */
 @Configuration
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
-        http.httpBasic().and()  // use Basic authentication
-            .authorizeRequests().anyRequest().authenticated() // allow authenticated access to all rest endpoints
-            .and().csrf().disable(); // CSRF filter is relevant when serving browser clients, hence disable
+public class SecurityConfig {
+    /**
+     * Return the configuration of how access to this module's REST end points is secured.
+     *
+     * @param http the HTTP security settings
+     * @return the HTTP security settings
+     */
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+            .httpBasic()
+            .and()
+            .authorizeHttpRequests().anyRequest().authenticated()
+            .and()
+            .csrf().disable();
+        return http.build();
     }
 }
\ No newline at end of file