nova
/
Chatto
1
0
Fork 0
Code Issues 7 Pull Requests Releases Wiki Activity
Browse Source

csrf is enabled again

master
Rohan Sircar 5 years ago
parent
f06bf516dd
commit
84c2c7c245
1 changed files with 11 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java

23
chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java
View File

@ -90,23 +90,23 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
}
@Configuration
@Order(2)
public static class FormWebSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler;
@Autowired
private MyLogoutSuccessHandler myLogoutSuccessHandler;
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests()
httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
.authorizeRequests()
// .antMatchers(HttpMethod.POST, "/api/**").permitAll()
.antMatchers("/", "perform_login","/logout**" ,"/favicon.ico","/login*", "/registration", "/perform_registration", "/css/**",
"/js/**", "/img/**")
.antMatchers("/", "perform_login", "/logout**", "/favicon.ico", "/login*", "/registration",
"/perform_registration", "/css/**", "/js/**", "/img/**")
.permitAll()
// .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll()
.antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**")
@ -119,9 +119,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
.and()
.formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login")
.successHandler(mySimpleUrlAuthenticationSuccessHandler)
.and()
.logout().logoutSuccessHandler(myLogoutSuccessHandler)
.successHandler(mySimpleUrlAuthenticationSuccessHandler).and().logout()
.logoutSuccessHandler(myLogoutSuccessHandler)
// .failureUrl("/?login_error")
// .and()
// .logout().invalidateHttpSession(true)
@ -130,7 +129,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
// .logoutSuccessUrl("/").permitAll()
// .and().httpBasic();
// .and().cors()
.and().csrf().disable();
// .and().csrf().disable();
;
// httpSecurity
// .csrf().disable()
@ -152,7 +151,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
// }
}
// @Override
// protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// auth.eraseCredentials(false);

Write Preview
Loading…
Cancel
Save