
Commit a36cbf1

cssruphp-coder
authored andcommitted
SecurityConfig: simplify configuration by using ignoringAntMatchers() method.
Fix #343 No functional changes.
1 parent d4f1025 commit a36cbf1


1 file changed

+1
-38
lines changed

1 file changed

+1
-38
lines changed

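--- a/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
+++ b/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
@@ -17,8 +17,6 @@
 */
 package ru.mystamps.web.support.spring.security;
 
-import javax.servlet.http.HttpServletRequest;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.MessageSource;
@@ -40,7 +38,6 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.access.AccessDeniedHandler;
-import org.springframework.security.web.util.matcher.RequestMatcher;
 
 import ru.mystamps.web.Url;
 import ru.mystamps.web.config.ServicesConfig;
@@ -108,7 +105,7 @@ protected void configure(HttpSecurity http) throws Exception {
 .and()
 .csrf()
 // Allow unsecured requests to H2 consoles.
-.requireCsrfProtectionMatcher(new AllExceptUrlsStartedWith("/console"))
+.ignoringAntMatchers("/console/**")
 .and()
 .rememberMe()
 // TODO: GH #27
@@ -154,38 +151,4 @@ private AuthenticationProvider getAuthenticationProvider() {
 return provider;
 }
 
-private static class AllExceptUrlsStartedWith implements RequestMatcher {
-
-private static final String[] ALLOWED_METHODS =
-new String[] {"GET", "HEAD", "TRACE", "OPTIONS"};
-
-private final String[] allowedUrls;
-
-AllExceptUrlsStartedWith(String... allowedUrls) {
-this.allowedUrls = allowedUrls;
-}
-
-@Override
-public boolean matches(HttpServletRequest request) {
-// replicate default behavior (see CsrfFilter.DefaultRequiresCsrfMatcher class)
-String method = request.getMethod();
-for (String allowedMethod : ALLOWED_METHODS) {
-if (allowedMethod.equals(method)) {
-return false;
-}
-}
-
-// apply our own exceptions
-String uri = request.getRequestURI();
-for (String allowedUrl : allowedUrls) {
-if (uri.startsWith(allowedUrl)) {
-return false;
-}
-}
-
-return true;
-}
-
-}
-
 }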
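Review bot: The CSRF exemption at `.ignoringAntMatchers("/console/**")` is unconditional in the visible lines, and the comment above it ("Allow unsecured requests to H2 consoles.") does not say the endpoint is meant for development only. Because the H2 console can run arbitrary SQL, I would apply the exemption only under the profile that enables the console, or at least reword the comment to `// CSRF is skipped only for the H2 console, which must not be reachable outside dev/test profiles.` The commit message says "No functional changes", but the removed matcher did a plain prefix test on `getRequestURI()`, so it also exempted sibling paths that merely start with `/console` and compared against the context path. The Ant pattern should match only `/console` and its sub-paths relative to the application, which is narrower and looks like an improvement, but it is a behaviour change worth recording. `configure()` begins and ends outside this hunk, so authorization rules for `/console/**` may exist elsewhere and should be checked.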
