csrf is enabled again

2019-11-17 11:26:46 +05:30 · 2019-11-17 11:26:46 +05:30 · 84c2c7c245
commit 84c2c7c245
parent f06bf516dd
1 changed files with 11 additions and 12 deletions
--- a/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java
+++ b/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java
@ -90,8 +90,6 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

 	}

-	
-
 	@Configuration
 	@Order(2)
 	public static class FormWebSecurity extends WebSecurityConfigurerAdapter {
@ -103,10 +101,12 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

 		@Override
 		protected void configure(HttpSecurity httpSecurity) throws Exception {
-			httpSecurity.authorizeRequests()
+			httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
+
+					.authorizeRequests()
 //            		.antMatchers(HttpMethod.POST, "/api/**").permitAll()
-					.antMatchers("/", "perform_login","/logout**" ,"/favicon.ico","/login*", "/registration", "/perform_registration", "/css/**",
-							"/js/**", "/img/**")
+					.antMatchers("/", "perform_login", "/logout**", "/favicon.ico", "/login*", "/registration",
+							"/perform_registration", "/css/**", "/js/**", "/img/**")
 					.permitAll()
 //                    .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll()
 					.antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**")
@ -119,9 +119,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 					.and()

 					.formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login")
-                    .successHandler(mySimpleUrlAuthenticationSuccessHandler)
-                    .and()
-                    .logout().logoutSuccessHandler(myLogoutSuccessHandler)
+					.successHandler(mySimpleUrlAuthenticationSuccessHandler).and().logout()
+					.logoutSuccessHandler(myLogoutSuccessHandler)
 //					.failureUrl("/?login_error")
 //					.and()
 //					.logout().invalidateHttpSession(true)
@ -130,7 +129,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 //					.logoutSuccessUrl("/").permitAll()
 //					.and().httpBasic();
 //					.and().cors()
-					.and().csrf().disable();
+//					.and().csrf().disable();
 			;
 //    	    	httpSecurity
 //    	    		.csrf().disable()