csrf is enabled again
This commit is contained in:
parent
f06bf516dd
commit
84c2c7c245
@ -90,8 +90,6 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@Order(2)
|
@Order(2)
|
||||||
public static class FormWebSecurity extends WebSecurityConfigurerAdapter {
|
public static class FormWebSecurity extends WebSecurityConfigurerAdapter {
|
||||||
@ -103,10 +101,12 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity httpSecurity) throws Exception {
|
protected void configure(HttpSecurity httpSecurity) throws Exception {
|
||||||
httpSecurity.authorizeRequests()
|
httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
|
||||||
|
|
||||||
|
.authorizeRequests()
|
||||||
// .antMatchers(HttpMethod.POST, "/api/**").permitAll()
|
// .antMatchers(HttpMethod.POST, "/api/**").permitAll()
|
||||||
.antMatchers("/", "perform_login","/logout**" ,"/favicon.ico","/login*", "/registration", "/perform_registration", "/css/**",
|
.antMatchers("/", "perform_login", "/logout**", "/favicon.ico", "/login*", "/registration",
|
||||||
"/js/**", "/img/**")
|
"/perform_registration", "/css/**", "/js/**", "/img/**")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
// .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll()
|
// .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll()
|
||||||
.antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**")
|
.antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**")
|
||||||
@ -119,9 +119,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
.and()
|
.and()
|
||||||
|
|
||||||
.formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login")
|
.formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login")
|
||||||
.successHandler(mySimpleUrlAuthenticationSuccessHandler)
|
.successHandler(mySimpleUrlAuthenticationSuccessHandler).and().logout()
|
||||||
.and()
|
.logoutSuccessHandler(myLogoutSuccessHandler)
|
||||||
.logout().logoutSuccessHandler(myLogoutSuccessHandler)
|
|
||||||
// .failureUrl("/?login_error")
|
// .failureUrl("/?login_error")
|
||||||
// .and()
|
// .and()
|
||||||
// .logout().invalidateHttpSession(true)
|
// .logout().invalidateHttpSession(true)
|
||||||
@ -130,7 +129,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||||||
// .logoutSuccessUrl("/").permitAll()
|
// .logoutSuccessUrl("/").permitAll()
|
||||||
// .and().httpBasic();
|
// .and().httpBasic();
|
||||||
// .and().cors()
|
// .and().cors()
|
||||||
.and().csrf().disable();
|
// .and().csrf().disable();
|
||||||
;
|
;
|
||||||
// httpSecurity
|
// httpSecurity
|
||||||
// .csrf().disable()
|
// .csrf().disable()
|
||||||
|
Loading…
Reference in New Issue
Block a user