Merge pull request #3 from HideyoshiNakazone/devel

Sets SameSite to LAX
2022-11-11 06:03:10 -03:00
parent 8194891431 980d4d5da4
commit 8a3e7bacc9
2 changed files with 8 additions and 9 deletions
--- a/src/main/java/com/hideyoshi/backendportfolio/base/security/SecurityConfig.java
+++ b/src/main/java/com/hideyoshi/backendportfolio/base/security/SecurityConfig.java
@@ -8,8 +8,10 @@ import com.hideyoshi.backendportfolio.base.security.service.AuthService;
 import com.hideyoshi.backendportfolio.util.exception.AuthenticationInvalidException;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.log4j.Log4j2;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -22,6 +24,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.filter.ForwardedHeaderFilter;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -84,9 +87,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        http.oauth2Login()
            .authorizationEndpoint()
            .authorizationRequestRepository(this.oAuthRequestRepository)
-            .and().successHandler(this::successHandler)
-            .and().exceptionHandling()
-            .authenticationEntryPoint(this::authenticationEntryPoint);
+            .and().successHandler(this::successHandler);
    }

    private void successHandler(HttpServletRequest request,
@@ -103,12 +104,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {

    }

-    private void authenticationEntryPoint(HttpServletRequest request,
-                                          HttpServletResponse response,
-                                          AuthenticationException authentication ) {
-        throw new AuthenticationInvalidException(authentication.getMessage());
-    }
-

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -13,6 +13,10 @@ com:


 server:
+  servlet:
+    session:
+      cookie:
+        same-site: lax
  port: ${PORT}

 spring: