X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fconfig%2FExternalSecurityConfig.java;h=5354fa391fc173efbd8ed24d779f76dc5cc31496;hb=2edaa4d6a5f7066e0c718f85a7bf7b8dabd0c59b;hp=9f561b05bad61730f86803bd8780554278b70347;hpb=24608a9e1450c409dc3870440d29e91cc3a26bb9;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/config/ExternalSecurityConfig.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/config/ExternalSecurityConfig.java index 9f561b05..5354fa39 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/config/ExternalSecurityConfig.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/config/ExternalSecurityConfig.java @@ -41,11 +41,11 @@ import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; +import org.onap.portalapp.portal.utils.MusicCookieCsrfTokenRepository; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.web.csrf.CookieCsrfTokenRepository; import org.springframework.security.web.util.matcher.RegexRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -61,14 +61,12 @@ public class ExternalSecurityConfig extends WebSecurityConfigurerAdapter { @Override public boolean matches(HttpServletRequest request) { if(allowedMethods.matcher(request.getMethod()).matches()) - return false; - + return false; if(requestMatcher.matches(request)) - return true; - + return true; return false; } }; - http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).requireCsrfProtectionMatcher(csrfRequestMatcher); + http.csrf().csrfTokenRepository(MusicCookieCsrfTokenRepository.withHttpOnlyFalse()).requireCsrfProtectionMatcher(csrfRequestMatcher); } }