disable csrf + headers.frameoptions, permit /h2-console/**

2020-03-05 14:07:41 +01:00
parent 63e1c3027d
commit 3842ee1739
1 changed files with 6 additions and 1 deletions
--- a/src/main/java/mops/gruppen2/security/SecurityConfig.java
+++ b/src/main/java/mops/gruppen2/security/SecurityConfig.java
@ -61,12 +61,17 @@ class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
                .hasRole("monitoring")
                .and()
                .authorizeRequests()
-                .antMatchers("h2-console/**")
+                .antMatchers("/h2-console/**")
                .permitAll()
                .anyRequest()
                .permitAll();
+
+        http.csrf().disable();
+        http.headers().frameOptions().disable();
    }

+
+
    /**
     * Declaring this class enables us to use the Spring specific
     * {@link org.springframework.security.access.annotation.Secured} annotation