保誠-保戶業務員媒合平台
究查 | 歷程 | 修補檔 | 提交 | 提交差異 | 忽略空白
jack
2023-08-29 870dcd4f537565c418458776aef70593ffa5ec19 
 pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java


@@ -14,6 +14,8 @@


import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


import org.springframework.security.crypto.password.PasswordEncoder;


import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


import org.springframework.security.web.csrf.CookieCsrfTokenRepository;


import org.springframework.security.web.csrf.CsrfFilter;


import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;


import org.springframework.web.filter.CorsFilter;


import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;


@@ -58,11 +60,13 @@


        // @formatter:off


        http


            .csrf()


            .disable()


            .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)


            .exceptionHandling()


                .authenticationEntryPoint(problemSupport)


                .accessDeniedHandler(problemSupport)


            .ignoringAntMatchers("/api/**")


            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())


        .and()


        .addFilterBefore(corsFilter, CsrfFilter.class)


        .exceptionHandling()


            .authenticationEntryPoint(problemSupport)


            .accessDeniedHandler(problemSupport)


        .and()


            .headers()


            .contentSecurityPolicy(jHipsterProperties.getSecurity().getContentSecurityPolicy())