Disabled unused spring security functionality
markpatton committed Apr 4, 2024
1 parent 3338fa0 commit 2c4fa13
Showing 1 changed file with 5 additions and 0 deletions.
Expand Up @@ -22,7 +22,9 @@
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;
Expand Down Expand Up @@ -58,7 +60,10 @@ public class SecurityConfiguration {
*/
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// Disable unused functionality
http.csrf(CsrfConfigurer::disable);
http.formLogin(FormLoginConfigurer::disable);
http.anonymous(AnonymousConfigurer::disable);

// Set Content Security Policy header only for /app/
ContentSecurityPolicyHeaderWriter cspHeaderWriter = new ContentSecurityPolicyHeaderWriter();
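Review bot: The `// Disable unused functionality` comment sits directly above `http.csrf(CsrfConfigurer::disable)`, which presents CSRF protection as an optional feature rather than a defence. The imports show SAML2 web SSO, which usually means a browser session cookie, so state-changing requests would need some other protection (SameSite cookies, a required custom header, or similar), and none is visible in this hunk. If one exists, state it on that line, e.g. `// CSRF tokens off: <name the compensating control here>`; if not, the csrf line should not be grouped under "unused" and is worth revisiting. With `http.anonymous(AnonymousConfigurer::disable)`, unauthenticated requests will probably carry a null `Authentication`, so code outside this hunk that reads it should be checked for null handling. The body of `filterChain` continues past the end of the hunk.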