@@ -29,24 +29,24 @@ public SecurityConfig(RoleAuthenticationFilter roleAuthenticationFilter,
2929 this .customAccessDeniedHandler = customAccessDeniedHandler ;
3030 }
3131
32- @ Bean
33- public SecurityFilterChain securityFilterChain (HttpSecurity http ) throws Exception {
34- CookieCsrfTokenRepository csrfTokenRepository = CookieCsrfTokenRepository .withHttpOnlyFalse ();
35- csrfTokenRepository .setCookieHttpOnly (true ); // Fixes the security hotspot
32+ @ Bean
33+ public SecurityFilterChain securityFilterChain (HttpSecurity http ) throws Exception {
34+ CookieCsrfTokenRepository csrfTokenRepository = new CookieCsrfTokenRepository ();
35+ csrfTokenRepository .setCookieHttpOnly (true );
36+ csrfTokenRepository .setCookiePath ("/" );
37+ http
38+ .csrf (csrf -> csrf .csrfTokenRepository (csrfTokenRepository ))
39+ .sessionManagement (session -> session .sessionCreationPolicy (SessionCreationPolicy .STATELESS ))
40+ .authorizeHttpRequests (auth -> auth
41+ .requestMatchers ("/user/*" ).permitAll ()
42+ .anyRequest ().authenticated ()
43+ )
44+ .exceptionHandling (ex -> ex
45+ .authenticationEntryPoint (customAuthenticationEntryPoint )
46+ .accessDeniedHandler (customAccessDeniedHandler )
47+ )
48+ .addFilterBefore (roleAuthenticationFilter , UsernamePasswordAuthenticationFilter .class );
3649
37- http
38- .csrf (csrf -> csrf .csrfTokenRepository (csrfTokenRepository ))
39- .sessionManagement (session -> session .sessionCreationPolicy (SessionCreationPolicy .STATELESS ))
40- .authorizeHttpRequests (auth -> auth
41- .requestMatchers ("/user/*" ).permitAll ()
42- .anyRequest ().authenticated ()
43- )
44- .exceptionHandling (ex -> ex
45- .authenticationEntryPoint (customAuthenticationEntryPoint )
46- .accessDeniedHandler (customAccessDeniedHandler )
47- )
48- .addFilterBefore (roleAuthenticationFilter , UsernamePasswordAuthenticationFilter .class );
49-
50- return http .build ();
51- }
52- }
50+ return http .build ();
51+ }
52+ }
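Review bot: Because the CSRF cookie is HttpOnly (`setCookieHttpOnly(true)` on the new `CookieCsrfTokenRepository`), browser script cannot read the token to echo it back in a request header, and nothing in this hunk shows another way for clients to obtain it. If the callers are JavaScript clients, state-changing requests would presumably be rejected by the CSRF filter, including POSTs to the `permitAll()` `/user/*` paths, since `permitAll()` does not exempt a request from CSRF checks. `new CookieCsrfTokenRepository()` already defaults to an HttpOnly cookie, so the explicit call is redundant, and the removed `// Fixes the security hotspot` comment was the only record of intent. I would replace it with a comment such as `// CSRF cookie is HttpOnly by design; clients receive the token via <token delivery mechanism>`. It is also worth confirming that the cookie gets the Secure attribute when TLS is terminated in front of the application, for example with `csrfTokenRepository.setSecure(true);`.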