christoph/lecture-professional-software-development
1
Fork 0
Code Activity

disable csrf + headers.frameoptions, permit /h2-console/**

Browse Source
This commit is contained in:
Christoph
2020-03-05 14:07:41 +01:00
parent 63e1c3027d
commit 3842ee1739
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/mops/gruppen2/security/SecurityConfig.java
View File

@ -61,12 +61,17 @@ class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
.hasRole("monitoring") .hasRole("monitoring")
.and() .and()
.authorizeRequests() .authorizeRequests()
.antMatchers("h2-console/**") .antMatchers("/h2-console/**")
.permitAll() .permitAll()
.anyRequest() .anyRequest()
.permitAll(); .permitAll();
http.csrf().disable();
http.headers().frameOptions().disable();
} }
/** /**
* Declaring this class enables us to use the Spring specific * Declaring this class enables us to use the Spring specific
* {@link org.springframework.security.access.annotation.Secured} annotation * {@link org.springframework.security.access.annotation.Secured} annotation