|
17 | 17 | */
|
18 | 18 | package ru.mystamps.web.support.spring.security;
|
19 | 19 |
|
20 |
| -import javax.servlet.http.HttpServletRequest; |
21 |
| - |
22 | 20 | import org.springframework.beans.factory.annotation.Autowired;
|
23 | 21 | import org.springframework.context.ApplicationListener;
|
24 | 22 | import org.springframework.context.MessageSource;
|
|
40 | 38 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
41 | 39 | import org.springframework.security.crypto.password.PasswordEncoder;
|
42 | 40 | import org.springframework.security.web.access.AccessDeniedHandler;
|
43 |
| -import org.springframework.security.web.util.matcher.RequestMatcher; |
44 | 41 |
|
45 | 42 | import ru.mystamps.web.Url;
|
46 | 43 | import ru.mystamps.web.config.ServicesConfig;
|
@@ -108,7 +105,7 @@ protected void configure(HttpSecurity http) throws Exception {
|
108 | 105 | .and()
|
109 | 106 | .csrf()
|
110 | 107 | // Allow unsecured requests to H2 consoles.
|
111 |
| - .requireCsrfProtectionMatcher(new AllExceptUrlsStartedWith("/console")) |
| 108 | + .ignoringAntMatchers("/console/**") |
112 | 109 | .and()
|
113 | 110 | .rememberMe()
|
114 | 111 | // TODO: GH #27
|
@@ -154,38 +151,4 @@ private AuthenticationProvider getAuthenticationProvider() {
|
154 | 151 | return provider;
|
155 | 152 | }
|
156 | 153 |
|
157 |
| - private static class AllExceptUrlsStartedWith implements RequestMatcher { |
158 |
| - |
159 |
| - private static final String[] ALLOWED_METHODS = |
160 |
| - new String[] {"GET", "HEAD", "TRACE", "OPTIONS"}; |
161 |
| - |
162 |
| - private final String[] allowedUrls; |
163 |
| - |
164 |
| - AllExceptUrlsStartedWith(String... allowedUrls) { |
165 |
| - this.allowedUrls = allowedUrls; |
166 |
| - } |
167 |
| - |
168 |
| - @Override |
169 |
| - public boolean matches(HttpServletRequest request) { |
170 |
| - // replicate default behavior (see CsrfFilter.DefaultRequiresCsrfMatcher class) |
171 |
| - String method = request.getMethod(); |
172 |
| - for (String allowedMethod : ALLOWED_METHODS) { |
173 |
| - if (allowedMethod.equals(method)) { |
174 |
| - return false; |
175 |
| - } |
176 |
| - } |
177 |
| - |
178 |
| - // apply our own exceptions |
179 |
| - String uri = request.getRequestURI(); |
180 |
| - for (String allowedUrl : allowedUrls) { |
181 |
| - if (uri.startsWith(allowedUrl)) { |
182 |
| - return false; |
183 |
| - } |
184 |
| - } |
185 |
| - |
186 |
| - return true; |
187 |
| - } |
188 |
| - |
189 |
| - } |
190 |
| - |
191 | 154 | }
|
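Review bot: The CSRF exemption at `.ignoringAntMatchers("/console/**")` is unconditional in this hunk, and nothing visible here ties it to a development or test profile. The H2 console accepts arbitrary SQL, so if that servlet is ever mapped in a production deployment, state-changing requests to it would pass without a token; the mapping is outside this page, so this needs confirming. I would state the intent in the comment above the call, for example `// Skip CSRF checks only for the H2 console (/console/**); the console must stay disabled outside dev/test.` The new Ant pattern is also narrower than the removed `uri.startsWith(allowedUrl)` test, which exempted any request URI merely beginning with `/console`, and that tightening deserves a mention in the commit message. `configure(HttpSecurity)` starts and ends outside the hunk.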