From 368f8acf9ec6f0b05341f72bf4406a3cf6524d93 Mon Sep 17 00:00:00 2001 From: Dmitriy Kopylenko Date: Mon, 22 Feb 2021 17:00:45 -0500 Subject: [PATCH] Spring Boot upgrade wip --- .../admin/ui/configuration/auto/WebSecurityConfig.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java index f9a256b62..cc6847621 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java @@ -21,6 +21,7 @@ import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.csrf.CookieCsrfTokenRepository; +import org.springframework.security.web.firewall.DefaultHttpFirewall; import org.springframework.security.web.firewall.HttpFirewall; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @@ -55,6 +56,11 @@ public HttpFirewall allowUrlEncodedSlashHttpFirewall() { return firewall; } + @Bean + public HttpFirewall defaultFirewall() { + return new DefaultHttpFirewall(); + } + @Bean @Profile("!no-auth") public WebSecurityConfigurerAdapter defaultAuth() { @@ -142,7 +148,8 @@ protected void configure(HttpSecurity http) throws Exception { @Override public void configure(WebSecurity web) throws Exception { super.configure(web); - web.httpFirewall(allowUrlEncodedSlashHttpFirewall()); + //Switch to the default firewall + web.httpFirewall(defaultFirewall()); } }; }