Merge pull request #144 from axonivy/enable-csrf

Enable CSRF
axonivy · Dec 21, 2024 · 525a55f · 525a55f
2 parents 5656656 + eae49de
commit 525a55f
Showing 1 changed file with 7 additions and 20 deletions.
diff --git a/src/main/java/io/ivyteam/devops/security/SecurityConfiguration.java b/src/main/java/io/ivyteam/devops/security/SecurityConfiguration.java
@@ -6,7 +6,6 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@@ -21,30 +20,18 @@ public class SecurityConfiguration extends VaadinWebSecurity {
 
   @Override
   protected void configure(HttpSecurity http) throws Exception {
-    http
-        .csrf(httpSecurityCsrfConfigurer -> httpSecurityCsrfConfigurer.disable())
-        .authorizeHttpRequests(
-            authz -> {
-              authz.requestMatchers(GitHubWebhookController.PATH).anonymous();
-            })
-        .csrf(httpSecurityCsrfConfigurer -> httpSecurityCsrfConfigurer.disable());
+    http.authorizeHttpRequests(authz -> authz.requestMatchers(GitHubWebhookController.PATH).anonymous());
     super.configure(http);
-    http.csrf(httpSecurityCsrfConfigurer -> httpSecurityCsrfConfigurer.disable());
     http.oauth2Login(c -> c.loginPage("/login").permitAll());
   }
 
   @Bean
   public OAuth2AuthorizedClientManager authorizedClientManager(
-      ClientRegistrationRepository clientRegistrationRepository,
-      OAuth2AuthorizedClientService authorizedClientService) {
-
-    OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
-        .clientCredentials().build();
-
-    AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(
-        clientRegistrationRepository, authorizedClientService);
-    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
-
-    return authorizedClientManager;
+      ClientRegistrationRepository repo,
+      OAuth2AuthorizedClientService service) {
+    var provider = OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials().build();
+    var manager = new AuthorizedClientServiceOAuth2AuthorizedClientManager(repo, service);
+    manager.setAuthorizedClientProvider(provider);
+    return manager;
   }
 }