1212@ Configuration
1313public class HttpConfig {
1414
15- private static final String [] SWAGGER_PATHS = {
16- "/swagger-ui/**" ,
17- "/v3/api-docs/**"
18- };
15+ private static final String [] SWAGGER_PATHS = {"/swagger-ui/**" , "/v3/api-docs/**" };
1916
20- private static final String [] ACTUATOR_CSRF_EXCLUDED_PATHS = {
21- "/actuator/hawtio/**" ,
22- "/actuator/jolokia/**" ,
23- };
17+ private static final String [] ACTUATOR_CSRF_EXCLUDED_PATHS = {
18+ "/actuator/hawtio/**" , "/actuator/jolokia/**" ,
19+ };
2420
21+ @ Bean
22+ public SecurityFilterChain localLoginAndRedirectFilterChain (HttpSecurity http ) throws Exception {
2523
26- @ Bean
27- public SecurityFilterChain localLoginAndRedirectFilterChain (HttpSecurity http ) throws Exception {
28-
29- http .csrf (csrf -> csrf
30- .csrfTokenRepository (new CookieCsrfTokenRepository ())
24+ http .csrf (
25+ csrf ->
26+ csrf .csrfTokenRepository (new CookieCsrfTokenRepository ())
3127 .csrfTokenRequestHandler (new CsrfTokenRequestAttributeHandler ())
32- .ignoringRequestMatchers (ACTUATOR_CSRF_EXCLUDED_PATHS )
33- );
34- http .authorizeHttpRequests (authorize -> authorize
35- .requestMatchers (HttpMethod .GET , SWAGGER_PATHS ).authenticated ()
36- .requestMatchers ("/actuator/**" ).hasAnyRole ("ACTUATOR" , "ADMIN" )
37- .anyRequest ().authenticated ()
38- );
39- SavedRequestAwareAuthenticationSuccessHandler handler =
40- new SavedRequestAwareAuthenticationSuccessHandler ();
41- handler .setDefaultTargetUrl ("/actuator/hawtio" );
42- handler .setAlwaysUseDefaultTargetUrl (false );
43- handler .setRedirectStrategy (new NoContinueRedirectStrategy ());
44- http .formLogin (formLogin -> formLogin
45- .successHandler (handler )
46- );
47- http .httpBasic (httpBasic -> {});
48- return http .build ();
49- }
50-
51- static class NoContinueRedirectStrategy implements org .springframework .security .web .RedirectStrategy {
52- org .springframework .security .web .DefaultRedirectStrategy delegate =
53- new org .springframework .security .web .DefaultRedirectStrategy ();
54- @ Override
55- public void sendRedirect (
56- jakarta .servlet .http .HttpServletRequest request ,
57- jakarta .servlet .http .HttpServletResponse response ,
58- String url
59- ) throws java .io .IOException {
60- String cleanedUrl = url .replace ("?continue" , "" ).replace ("&continue" , "" );
61- delegate .sendRedirect (request , response , cleanedUrl );
62- }
28+ .ignoringRequestMatchers (ACTUATOR_CSRF_EXCLUDED_PATHS ));
29+ http .authorizeHttpRequests (
30+ authorize ->
31+ authorize
32+ .requestMatchers (HttpMethod .GET , SWAGGER_PATHS )
33+ .authenticated ()
34+ .requestMatchers ("/actuator/**" )
35+ .hasAnyRole ("ACTUATOR" , "ADMIN" )
36+ .anyRequest ()
37+ .authenticated ());
38+ SavedRequestAwareAuthenticationSuccessHandler handler =
39+ new SavedRequestAwareAuthenticationSuccessHandler ();
40+ handler .setDefaultTargetUrl ("/actuator/hawtio" );
41+ handler .setAlwaysUseDefaultTargetUrl (false );
42+ handler .setRedirectStrategy (new NoContinueRedirectStrategy ());
43+ http .formLogin (formLogin -> formLogin .successHandler (handler ));
44+ http .httpBasic (httpBasic -> {});
45+ return http .build ();
46+ }
47+
48+ static class NoContinueRedirectStrategy
49+ implements org .springframework .security .web .RedirectStrategy {
50+ org .springframework .security .web .DefaultRedirectStrategy delegate =
51+ new org .springframework .security .web .DefaultRedirectStrategy ();
52+
53+ @ Override
54+ public void sendRedirect (
55+ jakarta .servlet .http .HttpServletRequest request ,
56+ jakarta .servlet .http .HttpServletResponse response ,
57+ String url )
58+ throws java .io .IOException {
59+ String cleanedUrl = url .replace ("?continue" , "" ).replace ("&continue" , "" );
60+ delegate .sendRedirect (request , response , cleanedUrl );
6361 }
64-
65- }
62+ }
63+ }
0 commit comments