Sets SameSite to LAX
@@ -8,8 +8,10 @@ import com.hideyoshi.backendportfolio.base.security.service.AuthService;
|
|||||||
import com.hideyoshi.backendportfolio.util.exception.AuthenticationInvalidException;
|
import com.hideyoshi.backendportfolio.util.exception.AuthenticationInvalidException;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import lombok.extern.log4j.Log4j2;
|
import lombok.extern.log4j.Log4j2;
|
||||||
|
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.core.Ordered;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
@@ -22,6 +24,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
|||||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
|
import org.springframework.web.filter.ForwardedHeaderFilter;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
@@ -84,9 +87,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
http.oauth2Login()
|
http.oauth2Login()
|
||||||
.authorizationEndpoint()
|
.authorizationEndpoint()
|
||||||
.authorizationRequestRepository(this.oAuthRequestRepository)
|
.authorizationRequestRepository(this.oAuthRequestRepository)
|
||||||
.and().successHandler(this::successHandler)
|
.and().successHandler(this::successHandler);
|
||||||
.and().exceptionHandling()
|
|
||||||
.authenticationEntryPoint(this::authenticationEntryPoint);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void successHandler(HttpServletRequest request,
|
private void successHandler(HttpServletRequest request,
|
||||||
@@ -103,12 +104,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void authenticationEntryPoint(HttpServletRequest request,
|
|
||||||
HttpServletResponse response,
|
|
||||||
AuthenticationException authentication ) {
|
|
||||||
throw new AuthenticationInvalidException(authentication.getMessage());
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public AuthenticationManager authenticationManagerBean() throws Exception {
|
public AuthenticationManager authenticationManagerBean() throws Exception {
|
||||||
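Review bot: Removing `.and().exceptionHandling().authenticationEntryPoint(this::authenticationEntryPoint)` after `oauth2Login()` leaves unauthenticated requests to Spring Security's default entry point. With `oauth2Login()` enabled that is typically a redirect toward login, not the `AuthenticationInvalidException` the deleted method threw. Clients that relied on that error response will now see a redirect unless an entry point is configured elsewhere; the configure method starts above the hunk, so this could not be confirmed. Separately, the new imports of `FilterRegistrationBean`, `Ordered` and `ForwardedHeaderFilter` have no use in the visible hunks. If a `ForwardedHeaderFilter` bean is registered elsewhere, give it a comment such as `// only safe behind a proxy that overwrites client-supplied X-Forwarded-* headers`, and otherwise drop the imports.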
|
|||||||
@@ -13,6 +13,10 @@ com:
|
|||||||
|
|
||||||
|
|
||||||
server:
|
server:
|
||||||
|
servlet:
|
||||||
|
session:
|
||||||
|
cookie:
|
||||||
|
same-site: lax
|
||||||
port: ${PORT}
|
port: ${PORT}
|
||||||
|
|
||||||
spring:
|
spring:
|
||||||
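Review bot: The added `same-site: lax` key sets only the SameSite attribute of the session cookie, and nothing in this hunk sets `secure` beside it. If the application is served over HTTPS, consider adding `secure: true` under the same `cookie:` key unless it is configured elsewhere. `server.servlet.session.cookie.same-site` is bound only from Spring Boot 2.6 onward and appears to be ignored without an error on older versions, so confirm the project's Boot version, which is not visible here. If the OAuth2 login flow is the reason for choosing Lax, record it with a comment such as `# Lax rather than Strict: the OAuth2 callback is a cross-site top-level navigation that must carry the session cookie`. The rendering has lost the YAML indentation, so the nesting under `server.servlet.session` could not be checked.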
|
|||||||