| | |
|---|
| | | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; |
|---|
| | | import org.springframework.security.crypto.password.PasswordEncoder; |
|---|
| | | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
|---|
| | | import org.springframework.security.web.csrf.CookieCsrfTokenRepository; |
|---|
| | | import org.springframework.security.web.csrf.CsrfFilter; |
|---|
| | | import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter; |
|---|
| | | import org.springframework.web.filter.CorsFilter; |
|---|
| | | import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport; |
|---|
| | |
|---|
| | | // @formatter:off |
|---|
| | | http |
|---|
| | | .csrf() |
|---|
| | | .disable() |
|---|
| | | .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class) |
|---|
| | | .exceptionHandling() |
|---|
| | | .authenticationEntryPoint(problemSupport) |
|---|
| | | .accessDeniedHandler(problemSupport) |
|---|
| | | .ignoringAntMatchers("/api/**") |
|---|
| | | .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) |
|---|
| | | .and() |
|---|
| | | .addFilterBefore(corsFilter, CsrfFilter.class) |
|---|
| | | .exceptionHandling() |
|---|
| | | .authenticationEntryPoint(problemSupport) |
|---|
| | | .accessDeniedHandler(problemSupport) |
|---|
| | | .and() |
|---|
| | | .headers() |
|---|
| | | .contentSecurityPolicy(jHipsterProperties.getSecurity().getContentSecurityPolicy()) |
|---|
