Changed X-Frame attribute value to sameorigin
[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / config / ExternalSecurityConfig.java
index f509dd2..ae08a34 100644 (file)
@@ -33,7 +33,7 @@
  *
  * ============LICENSE_END============================================
  *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * 
  */
 package org.onap.portalapp.config;
 
@@ -41,6 +41,8 @@ import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.onap.portalapp.music.util.MusicUtil;
+import org.onap.portalapp.portal.utils.MusicCookieCsrfTokenRepository;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -61,14 +63,20 @@ public class ExternalSecurityConfig extends WebSecurityConfigurerAdapter {
                        @Override
                        public boolean matches(HttpServletRequest request) {
                                if(allowedMethods.matcher(request.getMethod()).matches())
-                           return false;
-                       
+                           return false;   
                                if(requestMatcher.matches(request))
-                                       return true;
-                               
+                                       return true;                    
                                return false;
                        }
                };
-               http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).requireCsrfProtectionMatcher(csrfRequestMatcher);
+               
+               
+               //Added this code to enable Raptor charts within Iframe
+               http.headers().frameOptions().sameOrigin();
+               
+               if(MusicUtil.isMusicEnable())
+                       http.csrf().csrfTokenRepository(MusicCookieCsrfTokenRepository.withHttpOnlyFalse()).requireCsrfProtectionMatcher(csrfRequestMatcher);
+               else
+                       http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).requireCsrfProtectionMatcher(csrfRequestMatcher);
        }
 }
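Review bot: The two branches of the added `if`/`else` repeat the whole `http.csrf()...requireCsrfProtectionMatcher(csrfRequestMatcher)` chain and differ only in the repository, so any later change to the matcher has to be made twice; select the repository first and configure once: `CsrfTokenRepository repo = MusicUtil.isMusicEnable() ? MusicCookieCsrfTokenRepository.withHttpOnlyFalse() : CookieCsrfTokenRepository.withHttpOnlyFalse();` followed by `http.csrf().csrfTokenRepository(repo).requireCsrfProtectionMatcher(csrfRequestMatcher);` (this needs `org.springframework.security.web.csrf.CsrfTokenRepository` imported; if the branches stay as they are they should at least be braced). The comment above `frameOptions().sameOrigin()` should state the header effect rather than only the motivation, since it relaxes the clickjacking protection Spring Security applies by default: `// X-Frame-Options: SAMEORIGIN instead of the default DENY — Raptor charts are embedded in same-origin iframes; cross-origin framing stays refused`. The re-added `return false;` and `return true;` lines in the matcher now carry trailing whitespace that the removed lines did not have. The configure method whose body this hunk edits begins before the hunk.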