This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Disabled unused spring security functionality
markpatton committed Apr 4, 2024

Verified

This commit was signed with the committer’s verified signature.
Harshit28j Harshit Jain
1 parent 3338fa0 commit 2c4fa13
Showing 1 changed file with 5 additions and 0 deletions.
@@ -22,7 +22,9 @@
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;
@@ -58,7 +60,10 @@ public class SecurityConfiguration {
*/
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// Disable unused functionality
http.csrf(CsrfConfigurer::disable);
http.formLogin(FormLoginConfigurer::disable);
http.anonymous(AnonymousConfigurer::disable);

// Set Content Security Policy header only for /app/
ContentSecurityPolicyHeaderWriter cspHeaderWriter = new ContentSecurityPolicyHeaderWriter();
