Updated properties and enhanced SecurityConfig

- Changed `server.forward-headers-strategy` to `native` in `application.properties`.
- Added exclusion for `/login/oauth2/code/**` in CSRF configuration.
Jan 2025-10-25 16:45:01 +02:00
parent 3f0644c1e9
commit 8cb922a88d
2 changed files with 3 additions and 1 deletions


@ -73,6 +73,7 @@ public class SecurityConfig {
.jwtAuthenticationConverter(jwtAuthenticationConverter()) .jwtAuthenticationConverter(jwtAuthenticationConverter())
) )
) )
.exceptionHandling(ex -> ex .exceptionHandling(ex -> ex
.defaultAuthenticationEntryPointFor( .defaultAuthenticationEntryPointFor(
new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
@ -82,6 +83,7 @@ public class SecurityConfig {
.csrf(csrf -> csrf .csrf(csrf -> csrf
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.csrfTokenRequestHandler(new LccCsrfTokenRequestHandler()) .csrfTokenRequestHandler(new LccCsrfTokenRequestHandler())
.ignoringRequestMatchers("/login/oauth2/code/**")
) )
.addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class) .addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class)
.addFilterBefore( .addFilterBefore(
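Review bot: The added `.ignoringRequestMatchers("/login/oauth2/code/**")` in the `.csrf(...)` block turns CSRF checks off for every HTTP method and every sub-path under the callback, and nothing in the code says why. Spring Security's default callback is `/login/oauth2/code/{registrationId}`, a single path segment, so `.ignoringRequestMatchers("/login/oauth2/code/*")` would presumably be enough. With the token check off, forgery protection on this endpoint rests entirely on the OAuth2 `state` validation done by the login filter, so it is worth confirming no other handler is mapped below that path. I would also add a comment such as `// IdP callback carries no CSRF token; protected by the OAuth2 state parameter instead`, which assumes the provider posts to the callback (not visible on this page). The filter-chain method starts and ends outside the hunk.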


@ -23,4 +23,4 @@ spring.flyway.enabled=true
spring.flyway.locations=classpath:db/migration spring.flyway.locations=classpath:db/migration
spring.flyway.baseline-on-migrate=true spring.flyway.baseline-on-migrate=true
spring.sql.init.mode=never spring.sql.init.mode=never
server.forward-headers-strategy=framework server.forward-headers-strategy=native
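Review bot: `server.forward-headers-strategy=native` on the last line of this hunk hands X-Forwarded-* handling to the embedded server, and nothing in the file records which proxies are trusted. If the server is Tomcat (not visible here), those headers are honoured only from addresses matching `server.tomcat.remoteip.internal-proxies`, which defaults to private ranges. A proxy outside those ranges would be ignored without any error, and OAuth2 redirect URIs would then be built from the wrong scheme or host. I would add a comment above the line, `# native: forwarded headers are trusted only from the reverse proxy, see server.tomcat.remoteip.internal-proxies`, and set that property explicitly if the proxy address is not covered by the defaults.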