Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
SHIBUI-2452
"unlocking" the MDQ endpoint
  • Loading branch information
chasegawa committed Nov 10, 2022
1 parent 1564e59 commit c2062a6
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
Expand Up @@ -88,7 +88,7 @@ protected void configure(HttpSecurity http) throws Exception {
.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.authorizeRequests()
.antMatchers("/unsecured/**/*").permitAll()
.antMatchers("/unsecured/**/*","/entities/**/*").permitAll()
.anyRequest().hasAnyRole(acceptedAuthenticationRoles)
.and()
.exceptionHandling().accessDeniedHandler((request, response, accessDeniedException) -> response.sendRedirect("/unsecured/error.html"))
Expand Down
Expand Up @@ -64,7 +64,7 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserService userSe

@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/unsecured/**/*").permitAll();
http.authorizeRequests().antMatchers("/unsecured/**/*","/entities/**/*").permitAll();

// adding the authorizer bypasses the default behavior of checking CSRF in Pac4J's default securitylogic+defaultauthorizationchecker
final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME, DefaultAuthorizers.IS_AUTHENTICATED);
Expand Down Expand Up @@ -120,7 +120,7 @@ public void configure(org.springframework.security.config.annotation.web.builder
web.httpFirewall(firewall);

// These don't need to be secured
web.ignoring().antMatchers("/favicon.ico", "/unsecured/**/*", "/assets/**/*.png", "/static/**/*", "/**/*.css");
web.ignoring().antMatchers("/favicon.ico", "/unsecured/**/*", "/assets/**/*.png", "/static/**/*", "/**/*.css", "/entities/**/*");
}
}

Expand Down

0 comments on commit c2062a6

Please sign in to comment.