Skip to content

Commit 43b91a7

Browse files
mraiblemraible
committed
Better to make web resources public as ignore disables certain security features that are not ideal
1 parent 5f29ca6 commit 43b91a7

1 file changed

Lines changed: 9 additions & 8 deletions

File tree

src/main/java/com/okta/developer/jugtours/config/SecurityConfiguration.java

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -6,25 +6,25 @@
66
import org.springframework.context.annotation.Configuration;
77
import org.springframework.context.annotation.Profile;
88
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
9-
import org.springframework.security.config.annotation.web.builders.WebSecurity;
109
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
1110
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
1211
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
1312
import org.springframework.security.web.savedrequest.RequestCache;
1413
import org.springframework.security.web.savedrequest.SavedRequest;
1514

16-
import javax.servlet.http.*;
17-
import java.util.*;
15+
import javax.servlet.http.Cookie;
16+
import javax.servlet.http.HttpServletRequest;
17+
import javax.servlet.http.HttpServletResponse;
18+
import javax.servlet.http.HttpSession;
19+
import java.util.Collection;
20+
import java.util.List;
21+
import java.util.Locale;
22+
import java.util.Map;
1823

1924
@Configuration
2025
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
2126
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
2227

23-
@Override
24-
public void configure(WebSecurity web) throws Exception {
25-
web.ignoring().antMatchers("/**/*.{js,html,css}");
26-
}
27-
2828
@Override
2929
protected void configure(HttpSecurity http) throws Exception {
3030
RequestCache requestCache = refererRequestCache();
@@ -41,6 +41,7 @@ protected void configure(HttpSecurity http) throws Exception {
4141
.requestCache(requestCache)
4242
.and()
4343
.authorizeRequests()
44+
.antMatchers("/**/*.{js,html,css}").permitAll()
4445
.antMatchers("/", "/api/user").permitAll()
4546
.anyRequest().authenticated();/*
4647
.and()

0 commit comments

Comments
 (0)