X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=webapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Fconfig%2FWebSecurityConfiguration.java;h=92ea75e8ddb410e05f154ea20f416a4cc2a058da;hb=6b79976523018d41b3643b15deeb6706ad4daa6e;hp=44297016ce99289b9508a5c0ca444403995721ba;hpb=74b6495875f5654013a5bda7ba3e720f27d0f327;p=portal%2Fric-dashboard.git diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java index 44297016..92ea75e8 100644 --- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java +++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java @@ -21,6 +21,7 @@ package org.oransc.ric.portal.dashboard.config; import java.io.IOException; import java.lang.invoke.MethodHandles; +import java.lang.reflect.InvocationTargetException; import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy; import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; @@ -48,6 +49,7 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; +import org.springframework.security.web.csrf.CookieCsrfTokenRepository; @Configuration @EnableWebSecurity @@ -76,7 +78,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { logger.debug("configure: portalapi.username {}", userName); // A chain of ".and()" always baffles me http.authorizeRequests().anyRequest().authenticated(); - // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); + http.headers().frameOptions().disable(); + http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); http.addFilterBefore(portalAuthenticationFilterBean(), BasicAuthenticationFilter.class); } @@ -101,8 +104,9 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.VERSION_METHOD, // E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.HEALTH_METHOD, // E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.VERSION_METHOD, // - DashboardConstants.LOGIN_PAGE, // - SimpleErrorController.ERROR_PATH }; + SimpleErrorController.ERROR_PATH, // + DashboardConstants.LOGIN_PAGE // + }; @Override public void configure(WebSecurity web) throws Exception { @@ -112,7 +116,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Bean public PortalAuthManager portalAuthManagerBean() - throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException { + throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException, + IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException { return new PortalAuthManager(appName, userName, password, decryptor, userCookie); } @@ -131,7 +136,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { * correctly. */ public PortalAuthenticationFilter portalAuthenticationFilterBean() - throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException { + throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException, + IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException { PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalAuthManagerBean(), dashboardUserManagerBean()); return portalAuthenticationFilter;