nova/Chatto
1
0
Fork 0
Code Issues 7 Pull Requests Releases Wiki Activity

csrf is enabled again

Browse Source
This commit is contained in:
Rohan Sircar 2019-11-17 11:26:46 +05:30
parent f06bf516dd
commit 84c2c7c245
1 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java
View File

@ -90,23 +90,23 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
} }
@Configuration @Configuration
@Order(2) @Order(2)
public static class FormWebSecurity extends WebSecurityConfigurerAdapter { public static class FormWebSecurity extends WebSecurityConfigurerAdapter {
@Autowired @Autowired
private MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler; private MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler;
@Autowired @Autowired
private MyLogoutSuccessHandler myLogoutSuccessHandler; private MyLogoutSuccessHandler myLogoutSuccessHandler;
@Override @Override
protected void configure(HttpSecurity httpSecurity) throws Exception { protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests() httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
.authorizeRequests()
// .antMatchers(HttpMethod.POST, "/api/**").permitAll() // .antMatchers(HttpMethod.POST, "/api/**").permitAll()
.antMatchers("/", "perform_login","/logout**" ,"/favicon.ico","/login*", "/registration", "/perform_registration", "/css/**", .antMatchers("/", "perform_login", "/logout**", "/favicon.ico", "/login*", "/registration",
"/js/**", "/img/**") "/perform_registration", "/css/**", "/js/**", "/img/**")
.permitAll() .permitAll()
// .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll() // .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll()
.antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**") .antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**")
@ -119,9 +119,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
.and() .and()
.formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login") .formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login")
.successHandler(mySimpleUrlAuthenticationSuccessHandler) .successHandler(mySimpleUrlAuthenticationSuccessHandler).and().logout()
.and() .logoutSuccessHandler(myLogoutSuccessHandler)
.logout().logoutSuccessHandler(myLogoutSuccessHandler)
// .failureUrl("/?login_error") // .failureUrl("/?login_error")
// .and() // .and()
// .logout().invalidateHttpSession(true) // .logout().invalidateHttpSession(true)
@ -130,7 +129,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
// .logoutSuccessUrl("/").permitAll() // .logoutSuccessUrl("/").permitAll()
// .and().httpBasic(); // .and().httpBasic();
// .and().cors() // .and().cors()
.and().csrf().disable(); // .and().csrf().disable();
; ;
// httpSecurity // httpSecurity
// .csrf().disable() // .csrf().disable()
@ -152,7 +151,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
// } // }
} }
// @Override // @Override
// protected void configure(AuthenticationManagerBuilder auth) throws Exception { // protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// auth.eraseCredentials(false); // auth.eraseCredentials(false);