From a6afdfaf850c9da4c2f37ffc04c0a36df0852187 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期五, 08 九月 2023 17:29:35 +0800
Subject: [PATCH] [UPDATE] 修改弱點掃描Dereference null return (stat)
---
pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
index 191ed67..a546258 100644
--- a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
+++ b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
@@ -14,6 +14,8 @@
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
import org.springframework.web.filter.CorsFilter;
import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
@@ -58,11 +60,13 @@
// @formatter:off
http
.csrf()
- .disable()
- .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
- .exceptionHandling()
- .authenticationEntryPoint(problemSupport)
- .accessDeniedHandler(problemSupport)
+ .ignoringAntMatchers("/api/**")
+ .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+ .and()
+ .addFilterBefore(corsFilter, CsrfFilter.class)
+ .exceptionHandling()
+ .authenticationEntryPoint(problemSupport)
+ .accessDeniedHandler(problemSupport)
.and()
.headers()
.contentSecurityPolicy(jHipsterProperties.getSecurity().getContentSecurityPolicy())
--
Gitblit v1.8.0