Merge pull request #147 from axonivy/revert-144-enable-csrf

Revert "Enable CSRF"
axonivy · Dec 23, 2024 · 2ab8453 · 2ab8453
2 parents d4b62da + 835b0a9
commit 2ab8453
Showing 1 changed file with 20 additions and 7 deletions.
diff --git a/src/main/java/io/ivyteam/devops/security/SecurityConfiguration.java b/src/main/java/io/ivyteam/devops/security/SecurityConfiguration.java
@@ -6,6 +6,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@@ -20,18 +21,30 @@ public class SecurityConfiguration extends VaadinWebSecurity {
 
   @Override
   protected void configure(HttpSecurity http) throws Exception {
-    http.authorizeHttpRequests(authz -> authz.requestMatchers(GitHubWebhookController.PATH).anonymous());
+    http
+        .csrf(httpSecurityCsrfConfigurer -> httpSecurityCsrfConfigurer.disable())
+        .authorizeHttpRequests(
+            authz -> {
+              authz.requestMatchers(GitHubWebhookController.PATH).anonymous();
+            })
+        .csrf(httpSecurityCsrfConfigurer -> httpSecurityCsrfConfigurer.disable());
     super.configure(http);
+    http.csrf(httpSecurityCsrfConfigurer -> httpSecurityCsrfConfigurer.disable());
     http.oauth2Login(c -> c.loginPage("/login").permitAll());
   }
 
   @Bean
   public OAuth2AuthorizedClientManager authorizedClientManager(
-      ClientRegistrationRepository repo,
-      OAuth2AuthorizedClientService service) {
-    var provider = OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials().build();
-    var manager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(repo, service);
-    manager.setAuthorizedClientProvider(provider);
-    return manager;
+      ClientRegistrationRepository clientRegistrationRepository,
+      OAuth2AuthorizedClientService authorizedClientService) {
+
+    OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
+        .clientCredentials().build();
+
+    AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
+        clientRegistrationRepository, authorizedClientService);
+    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
+
+    return authorizedClientManager;
   }
 }